We know that the HIPAA email rules are designed to prevent unauthorized access to our medical records and provide for secure storage and transmission of anything to do with that kind of data. So we know who can't access our Personal Health Information, or PHI, but who can?

There are obviously times when our medical details need to be shared, such as when we need treatment of are applying for health insurance. These records will need to be accessed during the treatment of a patient and during the payment for that treatment. So hospitals, physicians, clinics and insurance companies are going to need to access PHI in these circumstance in order to provide their services to the patient. HIPAA and the HIPAA email laws address that specifically as the legislation is designed to allow the sharing of information among approved entities in order to speed up treatment.

PHI can also be disclosed for legal reasons. Patient records might serve as evidence during legal proceedings, be necessary in law enforcement investigations or even under the umbrella of national security. Any law enforcement agent or agency can apply for access to your PHI if it's pertinent to an ongoing investigation. That request doesn't have to be in writing either. The idea is to allow fast access to your medical records during or for any investigation or incident in order to speed things up. In part to assist you should anything happen, and partly to assist the state.

National security is big news, and will remain so for the foreseeable future. Any agency involved in national security can access your PHI for any reason they see fit.  HIPAA doesn't apply in the case of national security and agencies can request any information they like, about any individual, or group they see fit if it pertains to national security. The cynical amongst you might think this is a bad thing and that they will be studying your records while they build a dossier on you. In reality, every single agency in the country is running at full speed trying to keep up with genuine threats, let alone exploring potential ones.

There are other organizations who can also access your PHI that HIPAA email rules allow. Funeral directors is a good example or those entities who need to know certain things about a client before they can effectively provide their services. Others include workers comp, organ donor organizations, and even in medical research. In most research cases, the records are rendered anonymous and there is no recognizable link between the record and the person it relates to.

HIPAA had to strike a balance between securing patient data, enforcing HIPAA email rules while allowing those who need to access this information to do so quickly and effectively. While PHI is protected as much as possible from unauthorized access, it freely allows those organizations it sees fit to have access to your complete medical records.