Using and Disclosing Protected Health Information (PHI): A Guide for NC Public Health Professionals (NC Public Health HIPAA Training, Module 2)
|Description:||The module is divided into three parts. Part 1 provides the foundational information that you need to know to understand how to apply the use and disclosure regulations in practice. Part 2 walks through each use and disclosure regulation and gives examples. Part 3 addresses HIPAA's individual right of access and explains how it relates to disclosure of PHI.|
To create a login ID and password for the NCIPH Training Website, click on the Create An Account link. If you have previously created an account, click on the Login to Training Link. Please read over the information on this page first.
- Distinguish between a use and a disclosure of protected health information (PHI)
- Describe the minimum necessary standard
- Explain what the verification standard requires
- Identify the rules for using and disclosing PHI
- Locate the appropriate rule for a particular use or disclosure
- Describe the individual right of access
- Explain how it relates to disclosure of PHI
|Author and Narrator:|
Jill Moore, MPH, JD
Erin Magee, MPH, MSW
Ki'Yonna Jones, MHA, MBA
|Subject Matter Expert Reviewer:|
Jill Moore, MPH, JD
The author(s) and reviewer(s) of this training have no personal financial relationships with commercial interests relevant to this presentation to disclose. Author, narrator, reviewer affiliations listed were current at the time of training development.
Competencies and Capability Functions Addressed
This training addresses selected applied epidemiology, core public health, and public health preparedness and response competencies and public health preparedness capability functions. (Please note: The competencies included on this site are just a few of the public health competencies which have been established. Training participants may find alignment between this training and other competency sets not included on this site.)
|Core Competencies for Public Health Professionals Tier 1|
|2A7. Describes implications of policies, programs, and services (2: Policy Development/Program Planning Skills)|
|7A3. Adheres to organizational policies and procedures (7: Financial Planning & Management Skills)|
|Public Health Preparedness Capabilities|
|Capability 6, Function 2: Identify and develop rules and data elements for sharing|
|Public Health Preparedness & Response Core Competencies|
|2.4. Collect data according to protocol.|
|2.5. Manage the recording and/or transcription of data according to protocol.|
Definitions, 45 C.F.R. § 160.103 and 45 C.F.R. § 164.501.
Uses and Disclosures of Protected Health Information: General Rule, 45 C.F.R. § 164.502.
Uses and Disclosures to Carry Out Treatment, Payment, and Health Care Operations, 45 C.F.R. § 164.506.
Uses and Disclosures for Which an Authorization is Required, 45 C.F.R. § 164.508.
Uses and Disclosures Requiring an Opportunity for the Individual to Agree or Object, 45 C.F.R. § 164.510.
Uses and Disclosures for Which an Authorization or Opportunity to Agree or Object is Not Required, 45 C.F.R. § 164.512.
Other Requirements Relating to Uses and Disclosures of Protected Health Information, 45 C.F.R. § 164.514.
Access of Individuals to Protected Health Information, 45 C.F.R. § 164.524.
Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules. 78 Fed. Reg. 5565 (Jan. 25, 2013).
Website: Understanding Some of HIPAA's Permitted Uses and Disclosures. U.S. Department of Health and Human Services, Office for Civil Rights. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/permitted-uses/index.html.
Website: Individuals' Right Under HIPAA to Access their Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html.