• Register to Access the Free Forums and 3 Free CEUs!

    To view the content for the 3 free CEUs, please sign up today.

    CLICK HERE TO REGISTER
  • Missing Access To A Course, Blitz or Exam? Have Technical Issues? Open a Help Desk Ticket
    Please Do Not Post in the Community About Access or Technical Issues
    CCO Business Hours for Help Desk and Coaching: Mon-Fri 9am-4pm Eastern

Resolved Authorization to Use or Disclose Health Information

Status
Not open for further replies.
P

PennyA_59051

New member
1) Where can I site a reference that this is required to be signed and dated by the Patient?
2) Does this expire yearly? If so, can anyone site the reference or link so that I can prove to a provider?

Thank you so much for your help!
 
PennyA_59051 said:
1) Where can I site a reference that this is required to be signed and dated by the Patient?
2) Does this expire yearly? If so, can anyone site the reference or link so that I can prove to a provider?

Thank you so much for your help!
Click to expand...

1. HIPAA law explains the Authorization here under "Authorized Uses and Disclosures". That said, the legal concept of "written authorization" is explained here. I couldn't find anywhere official that combined these two ideas into one citation since "written authorization" is a widely known legal term.
Authorization. A covered entity must obtain the individual’s written authorization for any use or disclosure of protected health information that is not for treatment, payment or health care operations or otherwise permitted or required by the Privacy Rule.44 A covered entity may not condition treatment, payment, enrollment, or benefits eligibility on an individual granting an authorization, except in limited circumstances.45

An authorization must be written in specific terms. It may allow use and disclosure of protected health information by the covered entity seeking the authorization, or by a third party. Examples of disclosures that would require an individual’s authorization include disclosures to a life insurer for coverage purposes, disclosures to an employer of the results of a pre-employment physical or lab test, or disclosures to a pharmaceutical firm for their own marketing purposes.

All authorizations must be in plain language, and contain specific information regarding the information to be disclosed or used, the person(s) disclosing and receiving the information, expiration, right to revoke in writing, and other data. The Privacy Rule contains transition provisions applicable to authorizations and other express legal permissions obtained prior to April 14, 2003.46
Click to expand...

2. This depends on the specific terms outlined in your company's Authorization form as explained here. The last bold sentence is important since some State laws can limit how long it is effective. So a lawyer might have to get involved to counsel further.
The Privacy Rule requires that an Authorization contain either an expiration date or an expiration event that relates to the individual or the purpose of the use or disclosure. For example, an Authorization may expire "one year from the date the Authorization is signed," "upon the minor’s age of majority," or "upon termination of enrollment in the health plan."

An Authorization remains valid until its expiration date or event, unless effectively revoked in writing by the individual before that date or event. The fact that the expiration date on an Authorization may exceed a time period established by State law does not invalidate the Authorization under the Privacy Rule, but a more restrictive State law would control how long the Authorization is effective.
Click to expand...

Remember, we aren't lawyers and this isn't legal advice! ;)
 
Status
Not open for further replies.
Back
Top