Protected health information (PHI) disclosures for treatment purposes

Debunking Regulatory Myths-series only

This resource is part of the AMA's Debunking Regulatory Myths series, supporting AMA's practice transformation efforts to provide physicians and their care teams with resources to reduce guesswork and administrative burdens.



HIPAA requires that health care providers obtain patient authorization to disclose protected health information (PHI) for treatment purposes.

Protected health information regulatory myth

Does HIPAA require that health care providers obtain patient authorization to disclose protected health information (PHI) for treatment purposes?

Apart from psychotherapy notes–in which specific requirements apply–health care providers are not required to procure authorization or consent from patients to disclose PHI to another clinician or clinical entity for treatment purposes under HIPAA, as the HIPAA Privacy Rule permits such disclosures to facilitate patient care.

Debunking Regulatory Myths CME

Interested in earning CME credit for this myth? Start now on AMA Ed Hub™. 

  1. Department of Health and Human Services. Section 164.506 - Uses and Disclosures to Carry out Treatment, Payment, or Health Care Operations.; 2003. Accessed October 12, 2022.
  2. Office for Civil Rights. Does a physician need a patient’s written authorization to send a copy of the patient’s medical record to a specialist or other health care provider who will treat the patient? Published December 19, 2002. Accessed October 12, 2022.
  3. Office for Civil Rights HIPPA Privacy. Uses and Disclosures for Treatment, Payment, and Health Care Operations. Published December 3, 2003. Accessed October 12, 2022.

Visit the overview page for information on additional myths.

Submit your regulatory myth

AMA seeks to aid physicians and care teams by helping them understand medical regulatory requirements. Help us help you—submit a myth you'd like clarification on.

Disclaimer: The AMA's Debunking Regulatory Myths (DRM) series is intended to convey general information only, based on guidance issued by applicable regulatory agencies, and not to provide legal advice or opinions. The contents within DRM should not be construed as, and should not be relied upon for, legal advice in any particular circumstance or fact situation. An attorney should be contacted for advice on specific legal issues.

Page last reviewed in January 2023.