In general terms, permitted uses and disclosures are for treatment, payment, or health care operations. HIPAA authorization is required for:. A HIPAA authorization is a detailed document in which specific uses and disclosures of protected health are explained in full. By signing the authorization, an individual is giving consent to have their health information used or disclosed for the reasons stated on the authorization.
Any use or disclosure by the covered entity or business associate must be consistent with what is stated on the form. A valid authorization under this section must contain at least the following elements:.
The statement "at the request of the individual" is a sufficient description of the purpose when an individual initiates the authorization and does not, or elects not to, provide a statement of the purpose. The statement "end of the research study," "none," or similar language is sufficient if the authorization is for a use or disclosure of protected health information for research, including for the creation and maintenance of a research database or research repository.
If the authorization is signed by a personal representative of the individual, a description of such representative's authority to act for the individual must also be provided. In addition to the core elements, the authorization must contain statements adequate to place the individual on notice of all of the following:. A The exceptions to the right to revoke and a description of how the individual may revoke the authorization; or.
A The covered entity may not condition treatment, payment, enrollment or eligibility for benefits on whether the individual signs the authorization when the prohibition on conditioning of authorizations in paragraph b 4 of this section applies; or. B The consequences to the individual of a refusal to sign the authorization when, in accordance with paragraph b 4 of this section, the covered entity can condition treatment, enrollment in the health plan, or eligibility for benefits on failure to obtain such authorization.
The authorization must be written in plain language. The information disclosed per the authorization may be subject to redisclosure by the recipient and no longer protected by HIPAA. Marketing or Sale of PHI. If the authorization is to permit the use or disclosure of PHI for purposes of marketing as defined by HIPAA or the sale of PHI, and the provider will receive remuneration for the PHI, the authorization must notify the patient that the provider will receive the remuneration.
The authorization and its required elements must be completely filled out, i. The authorization must be written in plain language.
Give the Patient a Copy. If the provider is requesting the authorization from the patient, the provider must give the patient or personal representative a signed copy of the authorization. Retain the Authorization. The provider must retain a copy of the authorization for six years. You May Also Enjoy. LinkedIn Twitter.
0コメント