6/22/2017 Fast Facts for Covered Entities | HHS.gov https://www.hhs.gov/hipaa/forprofessionals/coveredentities/fastfacts/index.html 1/3 HHS.gov Fast Facts for Covered Entities The Privacy Rule provides federal protections for personal health information held by covered entities, and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes. The Privacy Rule does not require you to obtain a signed consent form before sharing information for treatment purposes. Health care providers can freely share information for treatment purposes without a signed patient authorization. The Privacy Rule does not require you to eliminate all incidental disclosures. The Privacy Rule recognizes that it is not practicable to eliminate all risk of incidental disclosures. In August 2002, specific modifications to the Rule were adopted to clarify that incidental disclosures do not violate the Privacy Rule when you have policies which reasonably safeguard and appropriately limit how protected health information is used and disclosed. The Privacy Rule does not cut off all communications between you and the families and friends of patients. As long as the patient does not object, The Privacy Rule permits you to: share needed information with family, friends, or anyone else a patient identifies as involved in his or her care; […]