In what situation would a healthcare provider NOT need patient consent to disclose PHI?

The correct answer highlights that a healthcare provider does not require patient consent to disclose protected health information (PHI) when the disclosure is mandated by law. This situation commonly arises in cases involving mandatory reporting, such as instances of suspected child or elder abuse, or when a healthcare provider is compelled to report certain communicable diseases to public health authorities.

In these scenarios, the law overrides patient consent requirements because the disclosure is critical for the protection of the individual or community and is aimed at ensuring safety and welfare. Therefore, healthcare providers must comply with such legal obligations, even if it means sharing PHI without direct authorization from the patient.

In contrast, disclosing information to family members typically does require patient consent, unless certain exceptions apply, such as in emergencies where the patient cannot provide consent. When a patient inquires about their own records, they have the right to access and view their PHI, so consent is not necessary because they are entitled to this information. Sharing information with business associates also mandates adherence to privacy laws, which usually include having a business associate agreement in place to govern the use and disclosure of PHI.