Health Information Compliance Alert
'CONSENT' DOESN'T IMPLY 'AUTHORIZATION'
PDF
Question: What is the difference between "consent" and "authorization" under the Privacy Rule? Answer: There is a difference. According to the Rule, a covered entity may opt to obtain consent from patients for uses and disclosures of protected health information for purposes related to payment, treatment, or health care operations. Also, according to HHS, "with limited exceptions, covered entities may not condition treatment or coverage on the individual providing an authorization."
Utah Subscriber
Authorizations, however, are required by the Privacy Rule for uses and disclosures of PHI that are not otherwise permitted by the Rule; thus, voluntary consent cannot stand in place of an authorization in such cases unless the conditions for obtaining consent satisfy the requirements of a valid authorization.
A valid authorization is "a detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or health care operations, or to disclose protected health information to a third party specified by the individual," states the Department of Health and Human Services on its Web site. Authorizations must specify certain pieces of information, including:
• The protected health information to be used and disclosed;
• The person authorized to make the use or disclosure;
• The person to whom the covered entity may make the disclosure;
• An expiration date;
• In some cases, the purpose for which the information may be used or disclosed
Health Information Compliance Alert
- SECURITY:
5 Easy Ways To Protect Your Computers And Stamp Out Security Rule Breaches
Batten down workstations' hatches to ward off PHI leaks.
Even the most advanced internal security controls [...] - Security Compliance:
Don't Let Security Incidents Catch You By Surprise
Expert guidance helps you spot incidents before the feds spot you.
You have to protect your [...] - Information Technology Update:
HHS To Transition AHIC To Private Sector Entity
Health IT leadership not confined to federal decision makers.
The feds are moving to further integrate [...] - YOU BE THE SECURITY EXPERT:
SHOULD WE PUT 'SELL BY' DATES ON AUTHORIZATIONS?
Question: Does an authorization always need an expiration date?
Answer: The Privacy Rule requires that [...] - HIPAA Training:
Don't Get Rear-Ended By Your Front Desk
Key: Train staff on Privacy Rule's minimum necessary requirements.
When health care providers think of the [...] - Privacy Compliance:
The Right Way To Handle Patients' Confidential Communications Requests
4 steps to guarantee your staff doesn't spill the beans.
The Privacy Rule mandates that you [...] - Privacy Tool:
Use This Tool To Keep Track Of Patients' Confidential Communications Requests
Are you prepared to [...] - READER QUESTIONS:
GROUP HEALTH PLANS CAN DISCLOSE PHI
Question: Can a group health plan disclose protected health information to the plan sponsor without [...] - READER QUESTIONS:
'CONSENT' DOESN'T IMPLY 'AUTHORIZATION'
Question: What is the difference between "consent" and "authorization" under the Privacy Rule?
Utah Subscriber
[...] - READER QUESTIONS:
OFFICE GIFTS GET GREEN LIGHT
Question: Do doctor's offices need to obtain authorization before distributing any kind of promotional gift [...] - Industry News:
Medicaid Crackdown On Noncompliant Prescriptions Underway
Overlooking this law will guarantee denials.
On Oct. 1, state Medicaid directors began enforcing a law [...]