Compliance Just Got Easier: Stay ahead of regulatory changes with instant notifications on updates that matter.
['Employee Benefits']
['HIPAA privacy and security']
04/22/2026
Copyright 2026 J. J. Keller & Associate, Inc. For re-use options please contact copyright@jjkeller.com or call 800-558-5011.
General principle for uses and disclosures
OCR Privacy Brief: Summary of the HIPAA Privacy Rule
Basic Principle. A major purpose of the Privacy Rule is to define and limit the circumstances in which an individual's protected heath information may be used or disclosed by covered entities. A covered entity may not use or disclose protected health information, except either: (1) as the Privacy Rule permits or requires; or (2) as the individual who is the subject of the information (or the individual's personal representative) authorizes in writing.16
Required Disclosures. A covered entity must disclose protected health information in only two situations: (a) to individuals (or their personal representatives) specifically when they request access to, or an accounting of disclosures of, their protected health information; and (b) to HHS when it is undertaking a compliance investigation or review or enforcement action.17 See OCR "Government Access" Guidance.
1645 C.F.R. §164.502(a).
17 45 C.F.R. §164.502(a)(2).
['Employee Benefits']
['HIPAA privacy and security']
UPGRADE TO CONTINUE READING
J. J. Keller is the trusted source for DOT / Transportation, OSHA / Workplace Safety, Human Resources, Construction Safety and Hazmat / Hazardous Materials regulation compliance products and services. J. J. Keller helps you increase safety awareness, reduce risk, follow best practices, improve safety training, and stay current with changing regulations.
Copyright 2026 J. J. Keller & Associate, Inc. For re-use options please contact copyright@jjkeller.com or call 800-558-5011.