Which are instances where PHI can be disclosed without patient consent and the patient cannot object?

The disclosure of protected health information (PHI) without patient consent and in situations where the patient cannot object falls under specific circumstances defined by HIPAA. The correct instance is related to public interest and law enforcement purposes, which are important as they handle situations that affect public safety or involve regulatory compliance.

In the context of public interest, PHI can be disclosed in cases such as reporting certain diseases, preventing serious threats to health or safety, or situations where law enforcement needs access to health information related to investigations or legal proceedings. These provisions allow healthcare providers to share necessary information with authorities without requiring patient consent, as the need for protecting public interest or fulfilling legal obligations takes precedence.

Other options, while they may involve some aspects of sharing health information, do not fit the criteria for mandatory disclosure without consent. For example, notification of friends or family typically involves patient consent, operational use by healthcare workers is usually done under the notion of treatment or healthcare operations that still respect patient privacy, and incidental disclosures are those that occur as a byproduct of an otherwise permissible use or disclosure of PHI, which are generally allowed but with safeguards in place to minimize such incidents.