May a covered entity use or disclose protected health information for litigation?
A covered entity may use or disclose protected health information as permitted or required by the Privacy Rule, see 45 CFR 164.502(a) (PDF); and, subject to certain conditions the Rule typically permits uses and disclosures for litigation, whether for judicial or administrative proceedings, under particular provisions for judicial and administrative proceedings set forth at 45 CFR 164.512(e) (GPO), or as part of the covered entity’s health care operations, 45 CFR 164.506(a) (PDF). Depending on the context, a covered entity’s use or disclosure of protected health information in the course of litigation also may be permitted under a number of other provisions of the Rule, including uses or disclosures that are: • required by law (as when the court has ordered certain disclosures), • for a proceeding before a health oversight agency (as in a contested licensing revocation), • for payment purposes (as in a collection action on an unpaid claim), or • with the individual’s written authorizat
Related Questions
- May a covered entity disclose protected health information specified in an authorization, even if that information was created after the authorization was signed?
- When must a covered entity account for disclosures of protected health information made during the course of litigation?
- Is a business associate contract required for a covered entity to disclose protected health information to a researcher?
