Health Information of a patient is protected as per the HIPAA Privacy Rule.  This is to maintain confidentiality related to the patient’s diseases and procedures.  The Protected Health Information should not be used or disclosed when it is not necessary.  The PHI can be disclosed ONLY for certain situation or particular purpose that necessitates a physician to carry out a function.  According to HIPAA, the covered entities should safeguard PHI to limit unnecessary or inappropriate access and disclosure.   As per the disclosure policy, when an individual’s job necessitates, they can get access to PHI.  There is a provision in HIPAA that only minimum necessary Protected Health Information (PHI) should be shared or disclosed to satisfy a particular purpose.  If the Protected Health Information (PHI) is not required to satisfy particular purpose, it must be withheld and should not be revealed to any individual.

For a Health Provider, PHI can be shared only for treatment purposes.

PHI can be disclosed only to the subject of information to understand own conditions and treatments.

PHI should either be used or disclosed only after prior consent or authorization from the patient.

PHI should be disclosed in regards to HIPAA Compliance or Government Enforcement Needs.