Accounting of Non-Authorized Disclosures Policy

Effective date of policy: April 14, 2003

Protected health information (PHI) may be disclosed without patient authorization ("non-authorized") in certain circumstances. These include but are not limited to:

• Public health authority
• The FDA
• As authorized by state or federal law

PRC is not required to account for disclosures made: to the individual to which the information pertains, for treatment, payment or health care operations; when authorization is given, to persons involved in the patient's care, for national security or intelligence; to correctional institutions or law enforcement officials, as part of a limited data set or that occurred prior to April 14, 2003.

If PRC makes certain non-authorized disclosures, it will keep a log of the disclosures for six (6) years. An accounting must include: the date of disclosure, the name of the entity or person who received the PHI, person's address, a brief description of the PHI disclosed, and a brief statement of purpose for the disclosure.

You may request, in writing, an accounting of any non-authorized disclosures of his PHI. You are allowed one accounting per year at no charge. If you request frequent disclosures, PRC may charge for this service, PROVIDED you are informed of the approximate charge in advance and agree to it. PRC must retain documentation of any accounting made to an individual.

PRC will respond to the request for accounting within 60 days of the request, but may have a one-time 30-day extension in which to respond to or comply with the request.