In what situation can PHI be disclosed without authorization?

The correct answer pertains to the situation where disclosing Protected Health Information (PHI) can occur to prevent harm to the client. Under HIPAA, there are specific provisions that allow for the disclosure of PHI without the individual's authorization when there is a substantial risk of harm. This is rooted in the principle of protecting individuals and promoting their safety.

For instance, if a healthcare professional believes that a patient may be a threat to themselves or others, they may disclose necessary information to prevent that harm, complying with legal and ethical standards. This helps ensure that necessary actions can be taken to protect vulnerable individuals and provide timely interventions.

In contrast, disclosing PHI for marketing purposes generally requires patient authorization because it does not fall under the exceptions allowed by HIPAA. Similarly, while a patient can request their own health information, that scenario does not imply a disclosure without authorization to third parties. During investigations, while disclosures may occur, they typically do so under specific legal procedures or regulatory oversight, which still respects the framework of patient confidentiality and rights.