HIPAA Compliance: Understanding Authorization for Health Information Release
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) contains strict standards regarding the release of an individual's health information without authorization. This act was an important milestone in protecting the privacy rights of patients.-
Privacy Rule
-
The rule governing the authorization of the release of patient health information is called the privacy rule. It was not part of the original HIPAA legislation, but was the result of a rule proposed by the Department of Health and Human Services, and was finalized on December 28, 2000.
Patient Authorization
-
A health care provider or other entity subject to the rule must obtain a patient's written authorization for any use or disclosure of protected health information. There are several exceptions to this, including whether the information is needed for treatment.
Plain Language
-
Authorizations must be specific and written in plain English. They must also state to whom the information is being released.
Conditional
-
A health care provider or other entity subject to the rule may not generally make treatment conditional on the patient signing an authorization.
Minimum Necessary
-
If an authorization is obtained, only the minimum necessary amount of protected health information to accomplish the purpose may be disclosed.
-
Healthcare Industry - Related Articles
- Creating a Comprehensive Health Assessment Plan: A Step-by-Step Guide
- Become an Ultrasound Technologist: Requirements & Career Outlook
- Choosing a Physical Therapy Center: Essential Questions to Ask
- HIPAA Compliance: Understanding Federal Rules & Patient Rights
- Understanding State Medical Practice Acts: Laws & Regulations
- Healthcare Risk Management: Protecting Patients & Organizations
- Pharmacy in India: Scope, Opportunities & Career Paths