If the information is released to another covered entity or the business associate of a covered entity, your PHI will still be covered by HIPAA. If you release the information to someone who is not covered by HIPAA, then the HIPAA protections will be lost. The information will be still be subject to other privacy laws, but these can be waived by the authorization.

If the release says that the information can be used in whatever way the entity wants, then it can disclose the information to others and may even be able to make it public. You should carefully read any authorizations you are asked to sign to release your PHI. If the authorization does not limit the further disclosure of your PHI, you could lose control on the information. Even if your authorization has an expiration data, this only affects the release of information after the expiration date. The entity who received your data under the authorization can continue to use it after the expiration date, it just cannot get more information about you. You also have some rights to tell the entity that received the information to stop using it, unless you have waived the right to further control of the PHI after release.

Even if you have reserved the right to stop further use of the information, researchers have a right to keep using the information if it is critical to their study. For example, assume you participate in the clinical trial of an important new cancer drug. The trial is a success and the drug company is applying to the FDA for a license to market the drug. This permit, as described in the FDA section, requires the FDA to review the clinical trial data to assure that the drug is safe and effective. If your data has to be removed from the clinical database, it will could make the necessary analysis impossible and keep the drug from being approved.