How Your Protected Health Information May Be Used or Disclosed
In accordance with HIPAA law, NeuroPointDX applies the Minimum Necessary Rule to any request, use or disclosure of PHI. The Minimum Necessary Rule states that for any request, use or disclosure of PHI, only the minimum necessary information that is needed will be provided, with the following exceptions:
- Use or disclosure for treatment, payment, or healthcare operations.
- Use or disclosure made directly to a patient, or their legal representative, of the patient’s own PHI.
- Use or disclosure based on a valid authorization form, which is a patient’s written permission to use or disclose their PHI.
- Use or disclosure that is required by law, such as disclosures to the Department of Health and Human Services for investigations, reviews, and HIPAA enforcement.
NeuroPointDX is permitted to use and disclose PHI without a valid patient authorization form for the following purposes and situations:
- To the individual of whom the PHI is about.
- For treatment, payment, and healthcare operations.
- Opportunity to agree or object.
- Incident to an otherwise permitted use or disclosure.
- Public interest and benefit activities
- Limited data set for research, public health, or healthcare operations.