HIPAA Privacy Rule - Authorization
A covered entity must obtain the individual’s written authorization for any use or disclosure of protected health information that is not for treatment, payment or health care operations or otherwise permitted or required by the HIPAA Privacy Rule.
An authorization must be written in specific terms. It may allow use and disclosure of protected health information by the covered entity seeking the authorization, or by a third party.
Examples of disclosures that would require an individual's authorization include:
- disclosures to a life insurer for coverage purposes,
- disclosures to an employer of the results of a pre-employment physical or lab test, or
- disclosures to a pharmaceutical firm for their own marketing purposes.
All authorizations must be in plain language, and contain specific information regarding the information to be disclosed or used, the person(s) disclosing and receiving the information, expiration, right to revoke in writing, and other data.
The Privacy Rule contains transition provisions applicable to authorizations and other express legal permissions obtained prior to April 14, 2003.