Montana Code Annotated 2023

TITLE 50. HEALTH AND SAFETY

CHAPTER 16. HEALTH CARE INFORMATION

Part 5. Uniform Health Care Information

Disclosure Without Patient's Authorization Based On Need To Know

50-16-529. Disclosure without patient's authorization based on need to know. A health care provider may disclose health care information about a patient without the patient's authorization, to the extent a recipient needs to know the information, if the disclosure is:

(1) to a person who is providing health care to the patient;

(2) to any other person who requires health care information for health care education; to provide planning, quality assurance, peer review, or administrative, legal, financial, or actuarial services to the health care provider; for assisting the health care provider in the delivery of health care; or to a third-party health care payor who requires health care information and if the health care provider reasonably believes that the person will:

(a) not use or disclose the health care information for any other purpose; and

(b) take appropriate steps to protect the health care information;

(3) to any other health care provider who has previously provided health care to the patient, to the extent necessary to provide health care to the patient, unless the patient has instructed the health care provider not to make the disclosure;

(4) to immediate family members of the patient or any other individual with whom the patient is known to have a close personal relationship, if made in accordance with the laws of the state and good medical or other professional practice, unless the patient has instructed the health care provider not to make the disclosure;

(5) to a health care provider who is the successor in interest to the health care provider maintaining the health care information;

(6) for use in a research project that an institutional review board has determined:

(a) is of sufficient importance to outweigh the intrusion into the privacy of the patient that would result from the disclosure;

(b) is impracticable without the use or disclosure of the health care information in individually identifiable form;

(c) contains reasonable safeguards to protect the information from improper disclosure;

(d) contains reasonable safeguards to protect against directly or indirectly identifying any patient in any report of the research project; and

(e) contains procedures to remove or destroy at the earliest opportunity, consistent with the purposes of the project, information that would enable the patient to be identified, unless an institutional review board authorizes retention of identifying information for purposes of another research project;

(7) to a person who obtains information for purposes of an audit, if that person agrees in writing to:

(a) remove or destroy, at the earliest opportunity consistent with the purpose of the audit, information that would enable the patient to be identified; and

(b) not disclose the information further, except to accomplish the audit or to report unlawful or improper conduct involving fraud in payment for health care by a health care provider or patient or other unlawful conduct by a health care provider;

(8) to an official of a penal or other custodial institution in which the patient is detained; and

(9) to any contact, as defined in 50-16-1003, if the health care provider reasonably believes that disclosure will avoid or minimize an imminent danger to the health or safety of the contact or any other individual.

History: En. Sec. 9, Ch. 632, L. 1987; amd. Sec. 3, Ch. 657, L. 1989; amd. Sec. 6, Ch. 544, L. 1991.