Incidental Uses and Disclosures

Yes. The HIPAA Privacy Rule is not intended to prohibit providers from talking to each other and to their patients. Provisions of this Rule requiring covered entities to implement reasonable safeguards that reflect their particular circumstances and exempting treatment disclosures from certain requirements are intended to ensure that providers’ primary consideration is the appropriate treatment of their patients.

Read the full answer

Yes. The HIPAA Privacy Rule permits health care providers to communicate with patients regarding their health care.

Read the full answer

Yes. Covered entities, such as physician’s offices, may use patient sign-in sheets or call out patient names in waiting rooms, so long as the information disclosed is appropriately limited.

Read the full answer

No. The HIPAA Privacy Rule does not prohibit covered entities from engaging in common and important health care practices; nor does it specify the specific measures that must be applied to protect an individual’s privacy while engaging in these practices.

Read the full answer

Yes, the Privacy Rule permits this practice as long as the clinic takes reasonable and appropriate measures to protect the patient’s privacy.

Read the full answer

The Privacy Rule explicitly permits certain incidental disclosures that occur as a by-product of an otherwise permitted disclosure—for example, the disclosure to other patients in a waiting room of the identity of the person whose name is called.

Read the full answer

Disclosures of protected health information in a group therapy setting are treatment disclosures and, thus, may be made without an individual’s authorization.

Read the full answer

The Privacy Rule includes a specific exception from the accounting standard for incidental disclosures permitted by the Rule. See 45 CFR 164.528(a)(1).

Read the full answer

The provisions apply universally to incidental uses and disclosures that result from any use or disclosure permitted under the Privacy Rule, and not just to incidental uses and disclosures resulting from treatment communications, or only to communications among health care providers or other medical staff.

Read the full answer

The HIPAA Privacy Rule does not require that all risk of incidental use or disclosure be eliminated to satisfy its standards.

Read the full answer

Incidental Uses and Disclosures

196-Can health care providers engage in confidential conversations with other providers or with patients

198-May providers leave messages for patients at their homes to remind them of appointments

199-May providers use patient sign-in sheets or call out the names in their waiting rooms

200-Can providers prohibited maintain patient medical charts at bedside or outside of exam rooms

201-Will HIPAA Privacy Rule allow clinics to place patient charts outside an exam room

202-Will HIPAA allow the hospital to display patient names outside of rooms

203-May specialists provide therapy to patients in a group setting

204-Are covered entities required to document incidental disclosures in an accounting of disclosures

205-Does HIPAA permit certain incidental uses and disclosures only in treatment situations or discussions among health care providers

206-Is a covered entity required to prevent any incidental use or disclosure of protected health information?

Sign Up for Email Updates