The HIPAA Privacy Rule, which has been in effective since April 14, 2003, brought forth standards covering the permittable uses and disclosures of health information, including to whom information can be disclosed and under what circumstances protected health information (PHI) can be shared.
HIPAA Journal’s recent article entitled “What is HIPAA Authorization?” says that, generally, permitted uses and disclosures are for treatment, payment, or health care operations, and reporting issues, such as domestic abuse to public health agencies.
HIPAA authorization is consent from a patient or health plan member that lets a covered entity or business associate use or disclose PHI to an individual/entity for a purpose that would otherwise not be allowed by the HIPAA Privacy Rule.
Without HIPAA authorization, this use or disclosure of PHI would violate HIPAA Rules and could result in a severe financial penalty. It may even criminal.
Federal regulations detail the uses and disclosures of PHI that require an authorization to be obtained from a patient or plan member before info can be shared or used. HIPAA authorization is required for:
- Use or disclosure of PHI otherwise not permitted by the HIPAA Privacy Rule;
- Use or disclosure of PHI for marketing purposes, except when communication occurs face to face between the covered entity and the individual or when the communication involves a promotional gift of nominal value;
- Use or disclosure of psychotherapy notes other than for specific treatment, payment, or health care operations;
- Use or disclosure of substance abuse and treatment records;
- Use or disclosure of PHI for research purposes; and
- Prior to the sale of protected health information.
A HIPAA authorization is a detailed document in which specific uses and disclosures of protected health are explained in full.
By signing the authorization, a person is giving their consent to have their health information used or disclosed for the reasons stated on the authorization.
Reference: HIPAA Journal (Oct. 9, 2021) “What is HIPAA Authorization?”
