Protected health information (PHI) disclosures for treatment purposes

This resource is part of the AMA's Debunking Regulatory Myths series, supporting AMA's practice transformation efforts to provide physicians and their care teams with resources to reduce guesswork and administrative burdens.

HIPAA requires that health care providers obtain patient authorization to disclose protected health information (PHI) for treatment purposes.

Apart from psychotherapy notes–in which specific requirements apply–health care providers are not required to procure authorization or consent from patients to disclose PHI to another clinician or clinical entity for treatment purposes under HIPAA, as the HIPAA Privacy Rule permits such disclosures to facilitate patient care.

• Patient Privacy and Confidentiality H-315.983

• Code of Federal Regulation Section 164.506- Uses and Disclosures to Carry Out Treatment, Payment, or Health Care Operations. Accessed October 2022.
• HHS Description of 45 CFR 164.506. Accessed October 2022.
• Download this myth: Protected health information disclosures for treatment purposes (PDF)

1. Department of Health and Human Services. Section 164.506 - Uses and Disclosures to Carry out Treatment, Payment, or Health Care Operations.; 2003. Accessed October 12, 2022. https://www.govinfo.gov/content/pkg/CFR-2003-title45-vol1/xml/CFR-2003-title45-vol1-sec164-506.xml
2. Office for Civil Rights. Does a physician need a patient’s written authorization to send a copy of the patient’s medical record to a specialist or other health care provider who will treat the patient? HHS.gov. Published December 19, 2002. Accessed October 12, 2022. https://www.hhs.gov/hipaa/for-professionals/faq/271/does-a-physician-need-written-authorization-to-send-medical-records-to-a-specialist/index.html
3. Office for Civil Rights HIPPA Privacy. Uses and Disclosures for Treatment, Payment, and Health Care Operations. HHS.gov. Published December 3, 2003. Accessed October 12, 2022. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/disclosures-treatment-payment-health-care-operations/index.html

Visit the overview page for information on additional myths.

Disclaimer: The AMA's Debunking Regulatory Myths (DRM) series is intended to convey general information only, based on guidance issued by applicable regulatory agencies, and not to provide legal advice or opinions. The contents within DRM should not be construed as, and should not be relied upon for, legal advice in any particular circumstance or fact situation. An attorney should be contacted for advice on specific legal issues.

Page last reviewed in January 2023.