Page 77 - Privacy_Program
P. 77
DP165.9d (d) If the employer needs such findings in order to comply with its obligations,
under 29 CFR parts 1904 through 1928, 30 CFR parts 50 through 90, or under
state law having a similar purpose, to record such illness or injury or to carry
out responsibilities for workplace medical surveillance.
DP165.9e (e) The organization provides written notice to the individual that PHI relating
to the medical surveillance of the workplace and work‐related illnesses and
injuries is disclosed to the employer:
DP165.9e.i by giving a copy of the notice to the individual at the time the health care is
provided; or
DP165.9e.ii if the health care is provided on the work site of the employer, by posting the
notice in a prominent place at the location where the health care is provided.
Employees and DP165.10 The organization may disclose PHI to a health oversight agency for oversight
others with Access activities authorized by law, including audits; civil, administrative, or criminal
to PHI, with Chief or investigations; inspections; licensure or disciplinary actions; civil, administrative,
assigned Director or or criminal proceedings; except as otherwise stated in this policy and procedure.
Manager
Employees and Others DP165.11 If a health oversight activity or investigation is conducted in conjunction with an
with Access to PHI, with oversight activity or investigation relating to a claim for public benefits unrelated
Chief or assigned to health, the organization considers the joint activity or investigation to be a
Director or Manager health oversight activity.
Employees and Others DP165.12 The organization will not disclose PHI without authorization in cases where a
with Access to PHI, with participant is the subject of the investigation or other activity; if such
Chief or assigned investigation or other activity does not arise out of and is not directly related
Director or Manager to:
DP165.12a (a) the receipt of health care;
DP165.12b (b) a claim for public benefits related to health;
DP165.12c (c) qualification for or receipt of public benefits or services when a
participant’s health is integral to the claim for public benefits or services.
Employees and others DP165.13 The organization may disclose PHI to a health oversight agency for oversight
with Access to PHI, activities authorized by law, including audits; civil, administrative, or criminal
with Chief or assigned investigations; inspections; licensure or disciplinary actions; civil,
Director or Manager administrative, or criminal proceedings or actions; or other activities necessary
for appropriate oversight of the following:
DP165.13a (a) the health care system;
DP165.13b (b) government benefit programs for which health information is relevant to
beneficiary eligibility;
DP165.13c (c) entities subject to government regulatory programs for which health
information is necessary for determining compliance with program standards;
DP165.13d (d) entities subject to civil rights laws for which health information is necessary
for determining compliance.
Employees and Others DP165.14 The organization may disclose PHI without authorization to a health oversight
with Access to PHI, with agency if a health oversight activity or investigation is conducted in
Chief or assigned conjunction with an oversight activity or investigation relating to a claim for
Director or Manager public benefits not related to health.
Employees and Others DP165.15 The organization, consistent with all applicable laws, may use or disclose PHI if
with Access to PHI, with the organization, in good faith, believes the use or disclosure is necessary to
Chief or assigned prevent or lessen a serious and imminent threat to the health or safety of a
Director or Manager person or the public.
GES CONFIDENTIAL 73
