Show Menu

HIPAA Disclosure Chart Cheat Sheet by

HIPAA Disclosure Chart
cms     healthcare     chart     hipaa     disclosure     consent     authorization

The Privacy Rule

The Privacy Rule, as well as all the Admini­str­ative Simpli­fic­ation rules, apply to health plans, health care cleari­ngh­ouses, and to any health care provider who transmits health inform­ation in electronic form in connection with transa­ctions for which the Secretary of HHS has adopted standards under HIPAA (the “covered entiti­es”).

HIPAA Privacy Basics


A covered entity must obtain the indivi­dual’s written author­ization for any use or disclosure of protected health inform­ation that is not for treatment, payment or health care operations or otherwise permitted or required by the Privacy Rule.44 A covered entity may not condition treatment, payment, enroll­ment, or benefits eligib­ility on an individual granting an author­iza­tion, except in limited circum­sta­nces.

An author­ization must be written in specific terms. It may allow use and disclosure of protected health inform­ation by the covered entity seeking the author­iza­tion, or by a third party. Examples of disclo­sures that would require an indivi­dual’s author­ization include disclo­sures to a life insurer for coverage purposes, disclo­sures to an employer of the results of a pre-em­plo­yment physical or lab test, or disclo­sures to a pharma­ceu­tical firm for their own marketing purposes


The Privacy Rule permits, but does not require, a covered entity volunt­arily to obtain patient consent for uses and disclo­sures of protected health inform­ation for treatment, payment, and health care operat­ions. Covered entities that do so have complete discretion to design a process that best suits their needs.

Allowed with patient consent

Health care Operat­ions
Direct treatment
QA and QI
Due diligence
Resolution of grievances
Statis­tical analyses
Insurance related

Allowed with patient author­ization

Marketing use
Employment determinations
Psycho­therapy notes for treatment, payment or health care operations

No consent or author­ization needed

Facility directories
Indirect treatment
Emergency treatment
If required by law
Public health activities
Reporting victims of abuse, neglect or violence to authorities
Health oversight activities

Download the HIPAA Disclosure Chart Cheat Sheet

1 Page

PDF (recommended)

Alternative Downloads

Share This Cheat Sheet!



No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          More Cheat Sheets by Davidpol

          Cincinnati Prehospital Stroke Scale Cheat Sheet
          Uses for Bees Wax Cheat Sheet