Yes. The HIPAA Privacy Rule does not require providers to obtain an individual’s consent prior to using or disclosing protected health information about him or her for treatment, payment, or health care operations.

No. Consulting with another health care provider about a patient is within the HIPAA Privacy Rule’s definition of “treatment” and, therefore, is permissible. In addition, a health care provider is expressly permitted to disclose protected health information about an individual to a health care provider for that provider’s treatment of the individual.

Yes. The Privacy Rule permits a provider, or a business associate acting on behalf of a provider (e.g., a collection agency) to disclose protected health information as necessary to obtain payment for health care, and does not limit to whom such a disclosure may be made. Therefore, a provider, or its business associate, may contact persons other than the individual as necessary to obtain payment for health care services. However, the Privacy Rule requires a provider, or its business associate, to reasonably limit the amount of information disclosed for such purposes to the minimum necessary, as well as to abide by any reasonable requests for confidential communications and any agreed-to restrictions on the use or disclosure of protected health information.

No. The HIPAA Privacy Rule permits a health care provider to disclose protected health information about an individual, without the individual’s authorization, to another health care provider for that provider’s treatment of the individual.

Yes. The HIPAA Privacy Rule permits a health care provider to disclose protected health information about an individual, without the individual's authorization, to another health care provider for that provider's treatment or payment purposes.