Standardizing HIPAA Authorization Requirements?

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) requires the following core elements for a valid authorization:

  • A meaningful description of the information to be disclosed
  • Name of the individual authorizing the disclosure
  • The name or identification of the recipient of the information
  • A description of each purpose of the disclosure
  • An expiration date for the authorized disclosure
  • A signature from the individual authorizing the disclosure

The Health Insurance Portability and Accountability Act (HIPAA) lays out three rules for protecting patient health information:

  • The Privacy Rule
  • The Security Rule
  • The Breach Notification Rule

The Privacy Rule defines “Protected Health Information” (PHI) as: all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.

Healthcare entities covered by HIPAA include:

  • Health plans
  • Health care clearinghouses 

The Privacy Rule

The standards set by the Privacy Rule address subjects such as:

  • Which organizations must follow the HIPAA standards
  • What counts as protected health information (PHI)
  • How organizations can share and use PHI
  • Permitted usage and disclosure of PHI
  • Patients’ rights over their health information

Usage and disclosure limitations

The Privacy Rule restricts the use of health information that could identify a person (PHI). Covered entities cannot use or disclose PHI unless:

  • It’s permitted under the Privacy Rule, or
  • The individual has authorized it in writing.