Health Information Compliance Alert

Reader Question:

'Consent' Vs. 'Authorization' -- What's The Difference?

Published on Thu Apr 17, 2014

PDF

Question: Under the HIPAA Privacy Rule, what is the difference between “consent” and “authorization?”

Answer: The term “consent” relates to disclosing protected health information (PHI) for treatment, payment, and healthcare operations (TPO) purposes. The Privacy Rule allows (but does not require) you to voluntarily obtain patient consent for such disclosures, and allows complete discretion to design a process that best suits a provider’s needs.

On the other hand, patient “authorization” relates to PHI disclosures not otherwise allowed under the Privacy Rule, according to the HHS Office for Civil Rights (OCR). You must have a signed patient authorization that gives you permission to use PHI for specified purposes, generally other than TPO purposes. You would also need an authorization to disclose a patient’s PHI to a third party.

OCR lists the following specific elements that you must include in an authorization:

A description of the PHI that you’ll use or disclose;
The person authorized to make the use or disclosure;
The person to whom you may make the disclosure;
An expiration date; and
The purpose for using or disclosing the PHI (in some cases).

Health Information Compliance Alert

Case Study:
How Much Could You Pay For Your BA's Mistakes?
Why you’re increasingly at risk for breach-related private lawsuits. Finger-pointing will get you nowhere when [...]

Update Your 'Pre-Existing' BAAs Now
Focus on 3 BAA terms that can increase your liability. While you’re pondering your business [...]

Quiz:
Test Your HIPAA Knowledge With This Quick Quiz
What’s the first step in securing your office’s network and hardware infrastructure? How much does [...]

Reader Question:
Is Faxed Information Considered ePHI?
Question: If we fax a document containing a patient’s medical information from one place to the [...]

Reader Question:
What To Do When Another Provider Refuses To Release Records
Question: We’re treating a new patient and need to obtain the patient’s prior treatment records. The [...]

Reader Question:
'Consent' Vs. 'Authorization' -- What's The Difference?
Question: Under the HIPAA Privacy Rule, what is the difference between “consent” and “authorization?” Answer: The term [...]

Enforcement News:
Check Out The New Risk Assessment Tool For iPad & Windows
Plus: Get ready now for the next series of HIPAA audits. Do you need help [...]

View All