(1) A health care provider or health care facility may disclose
health care information about a patient without the patient's
authorization to the extent a recipient needs to know the
information, if the disclosure is:
(a) To a person who the provider or facility reasonably
believes is providing health care to the patient;
(b) To any other person who requires health care information
for health care education, or to provide planning, quality
assurance, peer review, or administrative, legal, financial,
actuarial services to, or other health care operations for or on
behalf of the health care provider or health care facility; or
for assisting the health care provider or health care facility in
the delivery of health care and the health care provider or
health care facility reasonably believes that the person:
(i) Will not use or disclose the health care information for
any other purpose; and
(ii) Will take appropriate steps to protect the health care
information;
(c) To any other health care provider or health care
facility reasonably believed to have previously provided health
care to the patient, to the extent necessary to provide health
care to the patient, unless the patient has instructed the health
care provider or health care facility in writing not to make the
disclosure;
(d) To any person if the health care provider or health care
facility reasonably believes that disclosure will avoid or
minimize an imminent danger to the health or safety of the
patient or any other individual, however there is no obligation
under this chapter on the part of the provider or facility to so
disclose;
(e) To immediate family members of the patient, including a
patient's state registered domestic partner, or any other
individual with whom the patient is known to have a close
personal relationship, if made in accordance with good medical or
other professional practice, unless the patient has instructed
the health care provider or health care facility in writing not
to make the disclosure;
(f) To a health care provider or health care facility who is
the successor in interest to the health care provider or health
care facility maintaining the health care information;
(g) For use in a research project that an institutional
review board has determined:
(i) Is of sufficient importance to outweigh the intrusion
into the privacy of the patient that would result from the
disclosure;
(ii) Is impracticable without the use or disclosure of the
health care information in individually identifiable form;
(iii) Contains reasonable safeguards to protect the
information from redisclosure;
(iv) Contains reasonable safeguards to protect against
identifying, directly or indirectly, any patient in any report of
the research project; and
(v) Contains procedures to remove or destroy at the earliest
opportunity, consistent with the purposes of the project,
information that would enable the patient to be identified,
unless an institutional review board authorizes retention of
identifying information for purposes of another research project;
(h) To a person who obtains information for purposes of an
audit, if that person agrees in writing to:
(i) Remove or destroy, at the earliest opportunity
consistent with the purpose of the audit, information that would
enable the patient to be identified; and
(ii) Not to disclose the information further, except to
accomplish the audit or report unlawful or improper conduct
involving fraud in payment for health care by a health care
provider or patient, or other unlawful conduct by the health care
provider;
(i) To an official of a penal or other custodial institution
in which the patient is detained;
(j) To provide directory information, unless the patient has
instructed the health care provider or health care facility not
to make the disclosure;
(k) To fire, police, sheriff, or another public authority,
that brought, or caused to be brought, the patient to the health
care facility or health care provider if the disclosure is
limited to the patient's name, residence, sex, age, occupation,
condition, diagnosis, estimated or actual discharge date, or
extent and location of injuries as determined by a physician, and
whether the patient was conscious when admitted;
(l) To federal, state, or local law enforcement authorities
and the health care provider, health care facility, or
third-party payor believes in good faith that the health care
information disclosed constitutes evidence of criminal conduct
that occurred on the premises of the health care provider, health
care facility, or third-party payor;
(m) To another health care provider, health care facility,
or third-party payor for the health care operations of the health
care provider, health care facility, or third-party payor that
receives the information, if each entity has or had a
relationship with the patient who is the subject of the health
care information being requested, the health care information
pertains to such relationship, and the disclosure is for the
purposes described in RCW 70.02.010(8) (a) and (b); or
(n) For payment.
(2) A health care provider shall disclose health care
information about a patient without the patient's authorization
if the disclosure is:
(a) To federal, state, or local public health authorities,
to the extent the health care provider is required by law to
report health care information; when needed to determine
compliance with state or federal licensure, certification or
registration rules or laws; or when needed to protect the public
health;
(b) To federal, state, or local law enforcement authorities
to the extent the health care provider is required by law;
(c) To federal, state, or local law enforcement authorities,
upon receipt of a written or oral request made to a nursing
supervisor, administrator, or designated privacy official, in a
case in which the patient is being treated or has been treated
for a bullet wound, gunshot wound, powder burn, or other injury
arising from or caused by the discharge of a firearm, or an
injury caused by a knife, an ice pick, or any other sharp or
pointed instrument which federal, state, or local law enforcement
authorities reasonably believe to have been intentionally
inflicted upon a person, or a blunt force injury that federal,
state, or local law enforcement authorities reasonably believe
resulted from a criminal act, the following information, if
known:
(i) The name of the patient;
(ii) The patient's residence;
(iii) The patient's sex;
(iv) The patient's age;
(v) The patient's condition;
(vi) The patient's diagnosis, or extent and location of
injuries as determined by a health care provider;
(vii) Whether the patient was conscious when admitted;
(viii) The name of the health care provider making the
determination in (c)(v), (vi), and (vii) of this subsection;
(ix) Whether the patient has been transferred to another
facility; and
(x) The patient's discharge time and date;
(d) To county coroners and medical examiners for the
investigations of deaths;
(e) Pursuant to compulsory process in accordance with RCW 70.02.060.
(3) All state or local agencies obtaining patient health
care information pursuant to this section shall adopt rules
establishing their record acquisition, retention, and security
policies that are consistent with this chapter.
[2007 c 156 § 12; 2006 c 235 § 3; 2005 c 468 § 4; 1998 c 158 § 1; 1993 c 448 § 4; 1991 c 335 § 204.]
NOTES:
Purpose -- 2006 c 235: "The purpose of this act is to aid law enforcement in combating crime through the rapid identification of all persons who require medical treatment as a result of a criminal act and to assist in the rapid identification of human remains." [2006 c 235 § 1.]
Effective date -- 2006 c 235: "This act is necessary for the immediate preservation of the public peace, health, or safety, or support of the state government and its existing public institutions, and takes effect immediately [March 27, 2006]." [2006 c 235 § 5.]
Effective date -- 1993 c 448: See note following RCW 70.02.010.