Under which scenario is it permissible to share PHI without patient authorization?

Sharing Protected Health Information (PHI) without patient authorization is permissible in specific circumstances outlined by HIPAA, one of which includes requests from law enforcement under certain conditions. Law enforcement officials may need PHI for various reasons, such as when investigating a crime or if there’s a legal requirement to provide information. However, there are strict guidelines governing these disclosures to ensure they are justified and do not violate patient privacy rights unnecessarily.

In the case of law enforcement requests, covered entities must determine the validity and necessity of the request. This means that the request must comply with legal standards and should not be overly broad. Situations that typically qualify might involve emergencies, health and safety threats, or legal matters where PHI is relevant.

Other scenarios, such as just sharing information when the patient isn't present or solely for quality improvement purposes without following established legal protocols, do not meet the required standards set forth by HIPAA. Similarly, merely asking for information by family members does not provide the necessary authorization for sharing PHI, as patients have a right to restrict who can access their healthcare information. Thus, the option regarding law enforcement stands out as the correct choice because it recognizes the legal allowance for sharing sensitive information under specific, justified conditions.