HIPAA Use and Disclosure Guidelines

Welcome to the next course. In this course, we are going to discuss HIPAA Use and Disclosure Guidelines! It is vital that you individually understand the importance of the HIPAA Use and Disclosure guidelines for both your practice and your patient’s safety. Now, with that being said, there are times when we can disclose PHI without obtaining authorization. But there are times we are required to obtain authorization directly from the individual.


One of the main objectives of HIPAA was to allow for the electronic flow of full health care information while still providing a secure and confidential atmosphere to minimize threats and risks of a breach.


Under the Privacy Rule, we may use and disclose PHI without patient written authorization for the purposes of treatment, payment, and health care operations.


  • Treatment is the provision, coordination, and/or management of a patient’s condition through diagnostic testing, referral for services in another specialty, and consultations between providers.
  • Payment refers to the activities of reimbursement for services, communication with insurers, or others involved in the reimbursement process. This area also includes eligibility verification, billing, and collections.
  • Health care operations pertain to all other areas including quality assurance activities, competency activities, residency, and medical school programs, conducting audit programs for compliance, training programs for allied health, as well as business planning and development to define a few.