Under what situation would we need a patients written authorization before using or disclosing their protected health information?
When authorization is needed for use and disclosure of PHI?Answer: A patient authorization is not required for disclosure of PHI between Covered Entities if the disclosure is needed for purposes of treatment or payment or for healthcare operations. You may disclose the PHI as long as you receive a request in writing.
For what reasons can you use or disclose PHI?In general, a covered entity may only use or disclose PHI if either: (1) the HIPAA Privacy Rule specifically permits or requires it; or (2) the individual who is the subject of the information gives authorization in writing.
When can a covered entity use or disclose PHI without an authorization?A covered entity must disclose protected health information in only two situations: (a) to individuals (or their personal representatives) specifically when they request access to, or an accounting of disclosures of, their protected health information; and (b) to HHS when it is undertaking a compliance investigation or ...
What is used to inform patients of the uses and disclosures of health information?HIPAA enables patients to learn to whom the covered entity has disclosed their PHI. This is called an “accounting of disclosures.” The accounting will cover up to six years prior to the individual's request date and will include disclosures to or by business associates of the covered entity. See 45 CFR § 164.528.
|