In which scenario can PHI be disclosed without obtaining patient consent?

The disclosure of Protected Health Information (PHI) without obtaining patient consent is permissible in situations where the disclosure is mandated by law. One of the primary exceptions under HIPAA regulations involves disclosures that are necessary for public health activities, such as reporting certain diseases or occurrences to public health authorities to monitor and control public health threats. This provision allows healthcare entities to effectively contribute to public health initiatives and ensure community safety without the typical requirement of consent from the patient.

In contrast, the other scenarios mentioned would not meet the legal thresholds for disclosure without consent. For example, sharing PHI with family members or friends, without the patient’s consent, would generally violate patient privacy unless certain criteria are met, such as them being involved in the care. Similarly, sharing information with healthcare providers may not always require consent if it pertains to treatment, but it often depends on the context of the sharing relationship. Thus, these scenarios do not align with the established mandates of HIPAA that allow for disclosures specifically required by law.