Whereas “Permitted Uses and Disclosures” for the HIPAA Privacy Rule allow covered entities (and other relevant parties) to disclose protected health information, “Authorized Uses and Disclosures” state that a covered entity (or other relevant party) must obtain the individual’s written authorization for any use or disclosure of protected health information that is not for treatment, payment or health care operations or otherwise permitted or required by the Privacy Rule. Additionally, a covered entity (or other relevant third party) may “…not condition treatment, payment, enrollment, or benefits eligibility on an individual granting an authorization, except in limited circumstances”. (source: www.hss.gov | Authorized Uses and Disclosures.
As for actual “authorization”, it must be written, in plain language, and in specific terms. Additionally, it must contain specific information regarding the information to be disclosed or used, the person(s) disclosing and receiving the information, expiration, right to revoke in writing, etc.
Download HIPAA Policies and Compliance Toolkits Today
hipaapoliciesandprocedures.com also offers industry leading HIPAA toolkits for both Covered Entities (CE) and Business Associates (BA) consisting of high-quality security policies and procedures, training material, readiness checklists and templates, essential legal forms, a HIPAA specific disaster recovery manual, and so much more. Learn about our industry leading HIPAA compliance toolkits today.