HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION:
Medical records containing substance use disorder treatment information are protected by very strict laws including 42 CFR Part 2 and HIPAA. 42 CFR Part 2 generally prohibits treatment programs and certain third-party recipients from disclosing patient identities or records without patient consent. The following categories describe different ways that we may use and disclose your PHI without your authorization. Certain disclosures of PHI may be made electronically.
1. Medical Emergency: We may disclose your PHI to medical personnel to the extent necessary to meet a bona fide medical emergency in which your prior informed consent cannot be obtained pursuant to 42 CFR §2.51. Immediately following disclosure, we will document, in writing, the disclose in your medical record including the name of the medical personnel to whom the disclosure was made and there affiliation with us, the name of the individual making the disclosure, the date and time of the disclosure, and the nature of the emergency.
2. Research: We may disclose your PHI for the purpose of research pursuant to 42 CFR §2.52. We will only disclose your PHI for research purposes if we determine that certain conditions are met, including that the recipient of your PHI is a HIPAA covered entity or business associate and is bound by the requirements of 42 CFR Part 2.
3. Qualified Audit or Evaluation of the Program: We may disclose your PHI to a health oversight agency for activities authorized by 42 CFR §2.53. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
4. To Respond to a Court Order: We may disclose your PHI in response to a court order authorizing disclosure and use of patent records pursuant to 42 CFR §§2.61-2.67.
5. Child Abuse or Neglect Reports Required by State Law: We may disclose your PHI in order to report under state law incidents of suspected child abuse and neglect to the appropriate state or local authorities pursuant to 42 CFR §2.12(c)(6).
6. Law Enforcement: We may disclose your PHI to law enforcement officials for law enforcement purposes, but only as related to your commission of a crime on our property, against our employees, or a threat to commit such crime, and the disclosure is limited to the circumstances of the incident pursuant to 42 CFR §2.12(c)(5).
7. Qualified Service Organization Agreements: We may disclose your PHI to a qualified service organization as needed by the qualified service organization to provide services to the program pursuant to 42 CFR §2.12(c)(4). Examples of when we may use a qualified service organization include data processing, bill collecting, dosage preparation, laboratory analyses, or legal, medical, accounting or other professional services or services to prevent or treat child abuse or neglect. When we enter into contracts to obtain these services, we may need to disclose your PHI so that the organization may perform the job which we have requested. To protect your PHI, however, we require each qualified service organization to appropriately safeguard your information.