Contents
- Introduction
- What is an authorization for use and disclosure of protected health information?
- Why would you need an authorization for use and disclosure of protected health information?
- When is an authorization for use and disclosure of protected health information required?
- How to fill out an authorization for use and disclosure of protected health information
- What information is required on an authorization for use and disclosure of protected health information?
- How long is an authorization for use and disclosure of protected health information valid?
- Can an authorization for use and disclosure of protected health information be revoked?
- What are the consequences of not having an authorization for use and disclosure of protected health information?
- FAQs
If you’re handling protected health information (PHI), you’ll need to fill out an authorization for use and disclosure of PHI form. Here’s a step-by-step guide on how to do it.
Checkout this video:
Introduction
An authorization for the use and disclosure of protected health information, also known as a “HIPAA authorization,” is a document that allows covered entities to release an individual’s health information to third parties. The HIPAA Privacy Rule requires covered entities to obtain an individual’s written authorization for any uses or disclosures of protected health information that are not otherwise allowed by the Privacy Rule.
Covered entities may use and disclose protected health information without an individual’s authorization in certain circumstances, such as when the disclosure is required by law or when the disclosure is needed to provide emergency treatment. However, in most circumstances, a covered entity must have a valid authorization from the individual before it can use or disclose the individual’s protected health information.
An authorization must meet certain requirements in order to be valid. For example, an authorization must describe the specific uses and disclosures of protected health information that are authorized, and it must specify the duration of the authorization. In addition, an authorization must be signed by the individual (or his or her personal representative) and must contain certain required statements.
The Privacy Rule provides guidance on how to fill out a valid authorization form. Covered entities may use any format for their authorization forms as long as all of the required elements are present.
An authorization for use and disclosure of protected health information is a document that gives someone else permission to use or disclose your protected health information. Protected health information is any information about your health that is assigned a unique identifier (like your name or Social Security number) and that can be used to identify you. Examples of protected health information include your medical records, radiology films, and test results.
An authorization for use and disclosure of protected health information, also known as an “authorization to release information” or a “patient authorization form,” is a legal document that gives healthcare providers and others permission to use or share an individual’s protected health information (PHI).
There are many reasons why someone might need to provide such authorization. For example, a patient may need to give their doctor permission to share their PHI with a specialist, or they may need to authorize the release of their PHI to their insurance company.
Authorizations can be general, authorizing the use or disclosure of all PHI for a specific purpose, or they can be very specific, authorizing the use or disclosure of only certain PHI for a specific purpose.
An authorization is not required in all cases – there are many circumstances where the use or disclosure of PHI is allowed without patient authorization – but it is always best to err on the side of caution and get authorization whenever possible.
An authorization for use and disclosure of protected health information is required under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule for most uses and disclosures of protected health information. The Rule generally prohibits covered entities from using or disclosing protected health information without an individual’s written authorization, unless an exception applies.
The authorization for use and disclosure of protected health information is a form that must be completed by the individual who is requesting access to another person’s protected health information. The form must be signed by the individual and must be dated. The individual must also indicate whether they are requesting access to the protected health information for themselves or for another person.
The authorization for use and disclosure of protected health information must contain the following:
1. A description of the specific information that may be used and disclosed.
2. The name or other specific identification of the person or entity authorized to make the requested use or disclosure.
3. The name or other specific identification of the person or entity to whom disclosure is to be made.
4. An expiration date or event that relates to the individual or consideration that authorize the use and disclosure (for example, the individual’s death or termination of treatment).
5. A statement that information used or disclosed pursuant to the authorization may be subject to re-disclosure by the recipient and no longer protected by federal privacy regulations.
6. The signature of the individual who is authorizing the use or disclosure, as well as the date of signature.
An authorization for use and disclosure of protected health information (PHI) is generally valid for six months, unless it contains a shorter expiration date or it is revoked by the individual.
Yes. You may revoke an authorization for use and disclosure of protected health information at any time, in writing, by sending a notification of revocation to the covered entity that has the original authorization. The revocation will be effective as of the date you provide the notification, unless you specify a later date. However, if covered entity has already taken action in reliance on your authorization before it received your notification of revocation, your revocation will not affect any uses or disclosures that occurred prior to the receipt of your notification.
If you do not have an authorization for use and disclosure of protected health information, you may be subject to civil and criminal penalties.
FAQs
What is an authorization?
An authorization is a document that gives health care providers permission to use or disclose an individual’s protected health information (PHI). For example, an authorization may be needed in order for a provider to release PHI to a family member or to another health care provider.
What information does an authorization need?
An authorization must include the following information:
-The individual’s name and date of birth (or other identifier, if applicable)
-A description of the PHI that can be used or disclosed
-The name of the person or entity who is authorized to receive the PHI
-The signature of the individual, or his/her legal representative, authorizing the use or disclosure
-The expiration date of the authorization (if applicable)
-Other required information as specified by HIPAA
Can an authorization be revoked?
Yes. An individual has the right to revoke an authorization, in writing, at any time. However, revocation will not have any effect on disclosures that have already been made in reliance on the original authorization.
