Health Care Department Operations Manual

Chapter 2 – Patients’ Entitlements and Responsibilities

Article 2 – Confidentiality and Privacy

View All Sections >

2.2.6 Use and Disclosure of Protected Health Information: Special Exceptions

  • Policy

    • California Correctional Health Care Services (CCHCS) workforce members may use or disclose Protected Health Information (PHI) based on specified exceptions in the law which authorize disclosure without patient authorization.

  • Use and Disclosure of PHI

    • General Rules

    • When Patient Authorization is Not Required

      • PHI may be used or disclosed without a valid authorization pursuant to an exception required or permitted by law.  All disclosures of health records under this policy shall be performed by Health Information Management (HIM) workforce members in accordance with HIM policies and procedures including requirements related to tracking of disclosures pursuant to the HCDOM, Section 2.3.4, Release of Protected Health Information, and HCDOM, Section 2.2.18, Accounting of Disclosures for Patients’ Protected Health Information.

      • CCHCS workforce members may use or disclose PHI without patient authorization for reasons other than for TPO including, but not limited to:

        • PHI when required to do so by federal, state, or local law.

        • When the use or disclosure is otherwise specifically permitted by law including, for example, the voluntary reporting to the U.S. Food and Drug Administration of adverse events related to drug products or medical device problems.

        • A coroner or medical examiner for the purpose of identifying a deceased person, determining a cause of death, or conducting other duties authorized by law pursuant to the HCDOM, Section 2.2.13, Handling Protected Health and Personally Identifiable Information.

        • Health oversight activities authorized by law, including audits; civil, criminal, or administrative investigations, prosecutions, or actions; and licensing or disciplinary actions pursuant to the HCDOM, Section 2.2.16, Health Oversight.

        • Judicial or administrative proceedings, in response to an order of a court, a valid subpoena, search warrant, or other lawful process unless prohibited or otherwise limited by federal or state law applicable to the program or activity requirements.

        • Limited law enforcement purposes, to the extent authorized by applicable federal or state law, CCHCS workforce members may report certain injuries or wounds; provide information to identify or locate a suspect, victim, or witness; alert law enforcement of a death because of criminal conduct; and provide information which constitutes evidence of criminal conduct on CCHCS premises pursuant to the HCDOM, Section 2.2.13, Handling Protected Health and Personally Identifiable Information.

        • Organ procurement organizations or other entities engaged in procuring, banking, or transplantation of cadaver organs, eyes, or tissue for the purpose of facilitating transplantation.

        • A local health department for the purpose of preventing or controlling disease, injury, or disability including, but not limited to, the reporting of disease, injury, vital events, including death, and the conduct of public health surveillance, public health investigations, and public health interventions as authorized or required by federal or state law or regulations.

        • Entities providing mere courier services without requiring routine access to such PHI, e.g., the U.S. Postal Service or General Logistics Systems and their electronic equivalents, such as internet service providers providing mere data transmission services.

  • References

    • Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Section 164.512 – Uses and disclosures for which an authorization or opportunity to agree or object is not required

    • California Civil Code, Division 1, Part 2.6, Chapter 2, Section 56.10

    • Health Care Department Operations Manual, Chapter 2, Article 2, Section 2.2.1, General Use and Disclosure of Protected Health Information

    • Health Care Department Operations Manual, Chapter 2, Article 2, Section 2.2.2, Use and Disclosure of Protected Health Information Based on Patient Authorization

    • Health Care Department Operations Manual, Chapter 2, Article 2, Section 2.2.13, Handling Protected Health and Personally Identifiable Information

    • Health Care Department Operations Manual, Chapter 2, Article 2, Section 2.2.16, Health Oversight

    • Health Care Department Operations Manual, Chapter 2, Article 3, Health Information Management

    • Health Care Department Operations Manual, Chapter 5, Article 3, Section 5.3.25, Security and Privacy Awareness Training

    • Statewide Health Information Policy Manual, Section 2.2.0, Uses and Disclosures

    • Statewide Health Information Policy Manual, Section 2.3.0, Specially Protected Information

  • Policy Control
    Executive Sponsor: Deputy Director, Policy and Risk Management Services
    Effective: 02/2012
    Revised: 05/20/2024, 06/17/2026
    Reviewed: 12/09/2025