HIPAA Allows Physician Disclosure of PHI When?


HIPAA allows disclosures of PHI without authorization when such disclosures are "required by law." What does this mean?


The regulations define "required by law" as a mandate contained in a law and enforceable by a court that requires a covered entity to use or disclose PHI.

Uses and disclosures include required by law include but are not limited to

  • court orders and warrants
  • subpoenas or summons issued by a court, grand jury, governmental or tribal inspector general, or an administrative body
  • civil or authorized investigative demands
  • Medicare Conditions of Participation
  • statutes or regulations that require the production of information

Have questions? I’m here to help.