(410 ILCS 305/9.2)
    Sec. 9.2. Uses and disclosures for health oversight activities.
    (a) Notwithstanding Sections 9 and 10 of this Act, a covered entity may disclose HIV-related information, without a patient's consent, to a health oversight agency for health oversight activities authorized by law, including audits, civil, administrative, or criminal investigations; inspections; licensure or disciplinary actions; civil administrative or criminal proceedings or actions; or other activities necessary for appropriate oversight of (i) the health care system; (ii) government benefit programs for which health information is relevant to beneficiary eligibility; (iii) entities subject to government regulatory programs for which health information is necessary for determining compliance with program standards; or (iv) entities subject to civil rights laws for which health information is necessary for determining compliance.
    (b) For purposes of the disclosures permitted by this Section, a health oversight activity does not include an investigation or other activity in which the individual is the subject of the investigation or activity and such investigation or other activity does not arise out of and is not directly related to (i) the receipt of health care; (ii) a claim for public benefits related to health; or (iii) qualification for, or receipt of, public benefits or services when a patient's health is integral to the claim for public benefits or services, except that, if a health oversight activity or investigation is conducted in conjunction with an oversight activity or investigation relating to a claim for public benefits not related to health, the joint activity or investigation is considered a health oversight activity for purposes of this Section.
    (c) If a covered entity is also a health oversight agency, the covered entity may use HIV-related information for health oversight activities permitted by this Section.
(Source: P.A. 98-1046, eff. 1-1-15.)