70.02.050 - Disclosure without patient's authorization.
Disclosure without patient's authorization.
(1) A health care provider or health care facility may disclose health care information about a patient without the patient's authorization to the extent a recipient needs to know the information, if the disclosure is:
(a) To a person who the provider or facility reasonably believes is providing health care to the patient;
(b) To any other person who requires health care information for health care education, or to provide planning, quality assurance, peer review, or administrative, legal, financial, actuarial services to, or other health care operations for or on behalf of the health care provider or health care facility; or for assisting the health care provider or health care facility in the delivery of health care and the health care provider or health care facility reasonably believes that the person:
(i) Will not use or disclose the health care information for any other purpose; and
(ii) Will take appropriate steps to protect the health care information;
(c) To any other health care provider or health care facility reasonably believed to have previously provided health care to the patient, to the extent necessary to provide health care to the patient, unless the patient has instructed the health care provider or health care facility in writing not to make the disclosure;
(d) To any person if the health care provider or health care facility reasonably believes that disclosure will avoid or minimize an imminent danger to the health or safety of the patient or any other individual, however there is no obligation under this chapter on the part of the provider or facility to so disclose;
(e) To immediate family members of the patient, including a patient's state registered domestic partner, or any other individual with whom the patient is known to have a close personal relationship, if made in accordance with good medical or other professional practice, unless the patient has instructed the health care provider or health care facility in writing not to make the disclosure;
(f) To a health care provider or health care facility who is the successor in interest to the health care provider or health care facility maintaining the health care information;
(g) For use in a research project that an institutional review board has determined:
(i) Is of sufficient importance to outweigh the intrusion into the privacy of the patient that would result from the disclosure;
(ii) Is impracticable without the use or disclosure of the health care information in individually identifiable form;
(iii) Contains reasonable safeguards to protect the information from redisclosure;
(iv) Contains reasonable safeguards to protect against identifying, directly or indirectly, any patient in any report of the research project; and
(v) Contains procedures to remove or destroy at the earliest opportunity, consistent with the purposes of the project, information that would enable the patient to be identified, unless an institutional review board authorizes retention of identifying information for purposes of another research project;
(h) To a person who obtains information for purposes of an audit, if that person agrees in writing to:
(i) Remove or destroy, at the earliest opportunity consistent with the purpose of the audit, information that would enable the patient to be identified; and
(ii) Not to disclose the information further, except to accomplish the audit or report unlawful or improper conduct involving fraud in payment for health care by a health care provider or patient, or other unlawful conduct by the health care provider;
(i) To an official of a penal or other custodial institution in which the patient is detained;
(j) To provide directory information, unless the patient has instructed the health care provider or health care facility not to make the disclosure;
(k) To fire, police, sheriff, or another public authority, that brought, or caused to be brought, the patient to the health care facility or health care provider if the disclosure is limited to the patient's name, residence, sex, age, occupation, condition, diagnosis, estimated or actual discharge date, or extent and location of injuries as determined by a physician, and whether the patient was conscious when admitted;
(l) To federal, state, or local law enforcement authorities and the health care provider, health care facility, or third-party payor believes in good faith that the health care information disclosed constitutes evidence of criminal conduct that occurred on the premises of the health care provider, health care facility, or third-party payor;
(m) To another health care provider, health care facility, or third-party payor for the health care operations of the health care provider, health care facility, or third-party payor that receives the information, if each entity has or had a relationship with the patient who is the subject of the health care information being requested, the health care information pertains to such relationship, and the disclosure is for the purposes described in RCW 70.02.010(8) (a) and (b); or
(n) For payment.
(2) A health care provider shall disclose health care information about a patient without the patient's authorization if the disclosure is:
(a) To federal, state, or local public health authorities, to the extent the health care provider is required by law to report health care information; when needed to determine compliance with state or federal licensure, certification or registration rules or laws; or when needed to protect the public health;
(b) To federal, state, or local law enforcement authorities to the extent the health care provider is required by law;
(c) To federal, state, or local law enforcement authorities, upon receipt of a written or oral request made to a nursing supervisor, administrator, or designated privacy official, in a case in which the patient is being treated or has been treated for a bullet wound, gunshot wound, powder burn, or other injury arising from or caused by the discharge of a firearm, or an injury caused by a knife, an ice pick, or any other sharp or pointed instrument which federal, state, or local law enforcement authorities reasonably believe to have been intentionally inflicted upon a person, or a blunt force injury that federal, state, or local law enforcement authorities reasonably believe resulted from a criminal act, the following information, if known:
(i) The name of the patient;
(ii) The patient's residence;
(iii) The patient's sex;
(iv) The patient's age;
(v) The patient's condition;
(vi) The patient's diagnosis, or extent and location of injuries as determined by a health care provider;
(vii) Whether the patient was conscious when admitted;
(viii) The name of the health care provider making the determination in (c)(v), (vi), and (vii) of this subsection;
(ix) Whether the patient has been transferred to another facility; and
(x) The patient's discharge time and date;
(d) To county coroners and medical examiners for the investigations of deaths;
(e) Pursuant to compulsory process in accordance with RCW 70.02.060.
(3) All state or local agencies obtaining patient health care information pursuant to this section shall adopt rules establishing their record acquisition, retention, and security policies that are consistent with this chapter.
[2007 c 156 § 12; 2006 c 235 § 3; 2005 c 468 § 4; 1998 c 158 § 1; 1993 c 448 § 4; 1991 c 335 § 204.]
Notes: Purpose -- 2006 c 235: "The purpose of this act is to aid law enforcement in combating crime through the rapid identification of all persons who require medical treatment as a result of a criminal act and to assist in the rapid identification of human remains." [2006 c 235 § 1.]
Effective date -- 2006 c 235: "This act is necessary for the immediate preservation of the public peace, health, or safety, or support of the state government and its existing public institutions, and takes effect immediately [March 27, 2006]." [2006 c 235 § 5.]
Effective date -- 1993 c 448: See note following RCW 70.02.010.