In today’s world of emergency care, we have a legal obligation to protect patient information - even in the emergent setting when it is often difficult to control. There are also specific rules under HIPAA as to what can be shared with others without the patient’s authorization. This session will cover the rules on requests for “protected health information” (PHI): from law enforcement, patients, attorneys, family members, insurance companies, other health care entities, and others. Steve Wirth will also discuss proper access to PHI - the concept of “role-based access” - and the use of PHI in quality improvement activities.