Login
Get a Demo

Live Dec 18: See 2025’s Most Impactful Trainings and What to Prioritize in 2026 – Save Your Seat.

How and When to use PHI in relation to HIPAA Laws

Private Health Information (PHI) can be used for a variety of reasons without authorization. For instance, healthcare providers can freely use PHI to facilitate treatment, for payment processing, and for healthcare operations, which are commonly referred to collectively as TPO.

How and When to use PHI in relation to HIPAA Laws

When is PHI mandatory to Report?

If people request information from their record, as a covered entity, you must disclose the information, unless an exception applies. Another mandatory disclosure is to the Department of Health and Human Services, for a compliance investigation. Sometimes, disclosures of PHI are required by law; common reasons can include reporting vulnerable adult abuse, reporting child abuse, when there is a court order signed by a judge, when there is a threat to public health, and sometimes for disaster relief purposes and to report vital statistics to the government.

When is PHI mandatory to Report?

Using PHI to Process Healthcare Payments

In this chapter, we’ll take a closer look at some of the healthcare business operations where a healthcare provider has the right to use and disclose PHI. For example, healthcare providers are free to use PHI to process healthcare payments. However, if an individual has paid out of pocket in full for the medical services they receive, they have the right to restrict disclosure to the health plan provider. 

Using PHI to Process Healthcare Payments
Get started today in 5 minutes
Examples of Using PHI without Authorization

PHI can be used without authorization to facilitate treatment, for payment processing, and to conduct healthcare business operations.

1
Business Associate Agreements

For instance, you may disclose PHI to Business Associates without authorization if you have a business associate agreement in place. An informal authorization is acceptable in the case of discussing treatment and outcomes or payment with the individual’s caretaker who could be a friend or family member when the information is directly relevant to this person’s involvement with the individual’s care.  

2
Conducting Healthcare Business Operations

Some examples of such operations are a variety of activities of a covered entity including, but not limited to: quality assessment and improvement, outcome evaluation and development of clinical guidelines, reviewing competence, qualifications, and performance of healthcare professionals conducting health care practitioner training programs, accreditation, certification, licensing, and credentialing.

3
Incapacitated Patients

If the individual is incapacitated and there is no authorized representative, medical professionals may use their professional judgement and ethics in determining what information to disclose. It is possible for PHI to be disclosed to the personal representative of the individual, if: The individual’s representative’s identity is verified and proper procedures are followed for a response to a request for access.

Disclosing PHI without Explicit Permission

A healthcare provider has the right to use and disclose PHI without explicit permission for a variety of business activities. Examples of these activities include but are not limited to:  

Here are some myths to look out for:

  • -

    Quality assessment and improvement

  • -

    Outcome evaluation and development of clinical guidelines

  • -

    Reviewing competence, qualifications, and performance of healthcare professionals conducting health care practitioner training programs

  • -

    Accreditation, certification, licensing, and credentialing

Image for See why 8,000+ businesses love EasyLlama
See why 8,000+ businesses love EasyLlama

HIPAA Training to Benefit your staff members

The primary benefit of HIPAA training that includes private health information is that it helps ensure that healthcare providers, staff, and other individuals who handle private health information are aware of their obligations to protect the privacy and security of patients’ data. EasyLLama’s HIPAA training courses for Business Associates and Covered Entities helps ensure that all healthcare professionals are familiar with the rules and regulations set forth by HIPAA and that they understand the importance of protecting patient privacy.

HIPAA Training to Benefit your staff members

Helping over 8,000 organizations create a safer, more productive workplace

logo 1
logo 2
logo 3
logo 4
logo 5
logo 6
logo 7
logo 8
logo 9
logo 10
logo 11
logo 12
logo 13
logo 14
logo 15
logo 16
logo 17
logo 18
logo 19
logo 20
logo 21
logo 22
logo 23
logo 24
logo 25
logo 26
logo 27
logo 28
logo 29
logo 30
logo 31
logo 32
logo 33
logo 34
logo 35
logo 36
logo 37
logo 38
logo 39
logo 40
logo 41
logo 42
logo 43
logo 44
logo 45
logo 46
logo 47
logo 48
logo 49
logo 50
logo 51
logo 52
logo 53
logo 54
logo 55
logo 56
logo 57
logo 58
logo 59
logo 60
logo 61
logo 62
logo 63
logo 64
logo 65
logo 66
logo 67
logo 68
logo 69
logo 70
logo 71
logo 72
logo 73
logo 74
logo 75
logo 76
logo 77
logo 78
logo 79
logo 80
logo 81
logo 82
logo 83
logo 84
logo 85
logo 86
logo 87
logo 88
logo 89
logo 90
logo 91
logo 92
logo 93
logo 94
logo 95
logo 96
logo 97
logo 98
logo 99
logo 100
logo 101
logo 102
Get more from easyLlama
The Most Comprehensive HIPAA Training Solution

EasyLlama’s online training course helps prepare employees to navigate HIPAA. This course provides an in-depth examination of how to respond to a breach of confidential data and the best way to protect your patients. The course covers:

Chapter 1: Introduction and Overview of HIPAA
Chapter 2: The Privacy Rule
Chapter 3: Minimum Necessary Requirements
Chapter 4: How and When to Use PHI
Chapter 5: Individual Rights
Chapter 6: Business Associate Agreement
Chapter 7: The Security Rule
Chapter 8: The Enforcement Rule
Chapter 9: The Breach Notification Rule
Chapter 10: HIPAA Timeline and Updates
Get more from EasyLlama
Discrimination in the Workplace
Discrimination in the Workplace
Learn more
Race Discrimination in the Workplace
Race Discrimination in the Workplace
Learn more
Socioeconomic Diversity in the workplace
Socioeconomic Diversity in the workplace
Learn more
lama
Empower Your People. Strengthen Your Workplace.
Schedule a demo to see how EasyLlama makes training easier, workplaces safer, and business outcomes stronger — all in one platform.
Get a Demo
lamalama