September 29, 2023
May a HIPAA covered entity or its business associate disclose protected health information (PHI) for purposes of cybersecurity information-sharing of cyber threat indicators?

1.00K views | October 10, 2022 | Hospital and Healthcare
Sam Smith 11.38K | December 30, 2020 | 0 Comments

1 Answer

Blogolu 28.38K | Posted December 30, 2020 | 0 Comments

No, unless the disclosure is otherwise permitted under the HIPAA Privacy Rule, particularly given that cyber threat indicators do not generally include PHI.

The Cybersecurity Information Sharing Act of 2015 (CISA) describes cyber threat indicators as information that is necessary to describe or identify: malicious reconnaissance; methods of defeating a security control or exploitation of a security vulnerability; a security vulnerability; methods of causing a user with legitimate access to defeat of a security control or exploitation of a security vulnerability; malicious cyber command and control; a description of actual or potential harm caused by an incident; any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law; or any combination thereof.

The disclosure of cyber threat indicators for cyber information sharing is meant to alert other entities and the federal government to possible or actual threats or vulnerabilities to information systems, and to generally describe possible harms from such threats or vulnerabilities. Such information may include, as described above, technical, physical, or administrative specifications regarding threats to such systems, or vulnerabilities in such systems, and a general description of the harm caused by exploitation of these specifications.

The disclosure of PHI generally is not needed to describe such threats or vulnerabilities. Further, HIPAA would not permit such disclosures unless specific conditions provided in the HIPAA Privacy Rule were met, specifically, an authorization from the individual or the requirements of an applicable permission for disclosure under the Rule.

For example, the HIPAA Privacy Rule in 45 CFR § 164.512 permits covered entities and business associates to disclose PHI to law enforcement officials, without the individual’s written authorization, if specific conditions and limitations are met, including:

• To comply with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, or a grand jury subpoena (45 CFR 164.512(f)(1)(ii)(A)-(B)).
• To respond to an administrative request, such as an administrative subpoena or investigative demand or other written request from a law enforcement official, that includes or is accompanied by a written statement that the information requested is relevant and material, specific and limited in scope, and de-identified information cannot be used (45 CFR 164.512(f)(1)(ii)(C)).
• To respond to a request for limited PHI for purposes of identifying or locating a suspect, fugitive, material witness or missing person (45 CFR 164.512(f)(2)).
• To respond to a request for PHI about a victim of a crime, and the victim agrees (45 CFR 164.512(f)(3)).
• To report PHI to law enforcement when required by law to do so (45 CFR 164.512(f)(1)(i)).
• To alert law enforcement to the death of the individual, when there is a suspicion that death resulted from criminal conduct (45 CFR 164.512(f)(4)).
• To report PHI that the covered entity in good faith believes to be evidence of a crime that occurred on the covered entity’s premises (45 CFR 164.512(f)(5)).
• When responding to an off-site medical emergency, as necessary to alert law enforcement about criminal activity, specifically, the commission and nature of the crime, the location of the crime or any victims, and the identity, description, and location of the perpetrator of the crime (45 CFR 164.512(f)(6)).
• To federal officials authorized to conduct intelligence, counter-intelligence, and other national security activities under the National Security Act (45 CFR 164.512(k)(2)) or to provide protective services to the President and others and conduct related investigations (45 CFR 164.512(k)(3)).

Absent a provision in the Rule expressly permitting disclosure of PHI, such as outlined above, an individual’s authorization would be required for the disclosure of the individual’s PHI.
