Under which circumstances can covered entities disclose PHI without authorization?

Covered entities can disclose protected health information (PHI) without obtaining patient authorization under several specific circumstances, which encompass the options provided in the question. Each situation is designed to balance the need for patient privacy with the necessity of information sharing in particular contexts.

Public health activities allow for the disclosure of PHI to prevent or control disease, injury, or disability. This includes reporting disease outbreaks, conducting public health surveillance, and facilitating medical investigations essential for protecting community health. In these cases, the need to protect public health outweighs the need for individual consent.

Court orders or subpoenas represent another circumstance where PHI can be disclosed without authorization. When a court issues a valid order or subpoena requiring the disclosure of information, covered entities must comply, as it is a legal obligation. Legal proceedings seek to maintain justice, and the sharing of PHI under these circumstances is essential for a fair process.

Certain law enforcement purposes also permit disclosure of PHI without authorization. This can include situations where there is a need to report a crime, to identify or locate a suspect, or to provide information about victims of a crime. In these cases, the interest of law enforcement in investigating and preventing crime is acknowledged as a valid reason for sharing patient information without prior consent.

Given