(1) Except as authorized elsewhere in this chapter, a health care provider, an individual who assists a health care provider in the delivery of health care, or an agent and employee of a health care provider may not disclose health care information about a patient to any other person without the patient's written authorization. A disclosure made under a patient's written authorization must conform to the authorization.
(2) A patient has a right to receive an accounting of disclosures of health care information made by a health care provider or a health care facility in the six years before the date on which the accounting is requested, except for disclosures:
(a) To carry out treatment, payment, and health care operations;
(b) To the patient of health care information about him or her;
(c) Incident to a use or disclosure that is otherwise permitted or required;
(d) Pursuant to an authorization where the patient authorized the disclosure of health care information about himself or herself;
(e) Of directory information;
(f) To persons involved in the patient's care;
(g) For national security or intelligence purposes if an accounting of disclosures is not permitted by law;
(h) To correctional institutions or law enforcement officials if an accounting of disclosures is not permitted by law; and
(i) Of a limited data set that excludes direct identifiers of the patient or of relatives, employers, or household members of the patient.
[ 2014 c 220 § 5; 2013 c 200 § 2; 2005 c 468 § 2; 1993 c 448 § 2; 1991 c 335 § 201.]
NOTES:
Effective date—2014 c 220: See note following RCW 70.02.290.
Effective date—2013 c 200: See note following RCW 70.02.010.
Effective date—1993 c 448: See note following RCW 70.02.010.