HIPAA PRIVACY RULE: WHEN TO OBTAIN AUTHORIZATIONS TO USE AND DISCLOSE PROTECTED HEALTH INFORMATION

Similar documents
USE AND DISCLOSURE REQUIRING AUTHORIZATION. Identifies when Facilities may use and disclose PHI of patients pursuant to an Authorization.

University of Wisconsin-Madison Policy and Procedure

ADMINISTRATIVE POLICY & PROCEDURE

Marketing This authorization authorizes marketing activities for which this medical practice will will not receive direct or indirect compensation.

Children s Hospital of Philadelphia SOP 707 Page Effective Date: Title: Requirements for and

Today s Date (mm/dd/yyyy):

NATIONAL INVITATIONAL CAMP, INC. AUTHORIZATION FOR USE AND DISCLOSURE OF RECORDS AND INFORMATION

AUTHORIZATION TO USE, DISCLOSE, & RELEASE PROTECTED HEALTH INFORMATION

Last Approval Date: April 2017

COLUMBIA UNIVERSITY INSTITUTIONAL REVIEW BOARD POLICY ON THE PRIVACY RULE AND THE USE OF HEALTH INFORMATION IN RESEARCH

VIATICAL SETTLEMENT APPLICATION

**** Does the above address, match the address on your State Identification Card? Yes No *****

Safety Net Grant Program

Stanford Blood Center, LLC

AUTHORIZATION TO RELEASE PROTECTED HEALTH INFORMATION

Standard Insurance Company. Individual Client Services PO Box 711 Portland OR Policy Change Form and Application Supplement A

Health Insurance Portability and Accountability Act (HIPAA) West Virginia State Government Covered Entity Survey

Health Care Compliance Association

EXHIBIT C - CATEGORIZATION AND AWARD AMOUNT FORM

THE CITY AND COUNTY OF SAN FRANCISCO SECTION 125 CAFETERIA PLAN HIPAA PRIVACY POLICIES & PROCEDURES

DEPARTMENT OF VERMONT HEALTH ACCESS GENERAL PROVIDER AGREEMENT

Compliance Considerations Related To Clinical Trials. Daniel Shapiro Director, Research Compliance

UNIVERSITY POLICY. Adopted: 11/1/2016 Reviewed: 11/1/2016. Revised: Contact:

Agile Mind Counseling 506 Maple Street A Wellness Approach Athens, Tn

PLEASE CHECK ALL BOXES THAT APPLY AND COMPLETE THE APPROPRIATE SECTION(S) OF THE FORM. Patient name: Date of birth: Sex: M F

PRO SPORTS THERAPY, INC. (P.S.T.)

UAMS ADMINISTRATIVE GUIDE NUMBER: 2.1

Ra m sd ell P ed iatrics, I nc.

LightHouse HEALTHCARE POLICY MANUAL

Notice to Patients 4. COMMUNITY FIRST PATIENTS MUST PRESENT CURRENT MONTHLY SHEET AND ID CARD TO BE VERIFIED BEFORE SERVICE CAN BE PERFORMED.

ELA Settlement Services, LLC Data Collection Form

SUBJECT: Disclosure and accounting of protected health information (PHI).

Voluntary Benefits Disability Income Claim Form Claimant Initial Statement of Disability

HIPAA Policy Minimum Necessary Use December 1, 2015

HIPAA PRIVACY AUTHORIZATION FORM

USE OF PROTECTED HEALTH INFORMATION ( PHI ) FOR MARKETING PURPOSES

Limited Data Set Data Use Agreement For Research

Are you receiving SSDI, SSRI, or SSI benefits? Yes* No Date of eligibility * Please send copy of award letter to the Board.

HIPAA & The Medical Practice

University HealthCare Alliance

Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Ellie s Army Foundation Grant Application

HHS Proposed Rule Modification for the HIPAA Standards for Privacy of Individually Identifiable Health Information (NPRM)

Ellie s Army Foundation

POLICY REGARDING NOTICE OF PRIVACY PRACTICES

Insured Home Telephone Number Policy Number(s) ( ) Address Social Security Number Date of Birth

ADVANTAGE PROGRAM WAIVER SERVICES PROVIDER

In addition there are several aspects of your disability claim that you should be aware of:

BARIATRIC PATIENT INFORMATION PACKET

UPMC POLICY AND PROCEDURE MANUAL

LOYAL AMERICAN LIFE INSURANCE COMPANY PO BOX 1604, DUNCAN, OKLAHOMA, Phone (800)

To inform the UAMS workforce about the requirements for a patient s request to amend medical records or Protected Health Information (PHI).

TEXAS SOUTHERN UNIVERSITY HIPAA BUSINESS ASSOCIATE AGREEMENT

HITECH/HIPAA Omnibus Final Rule: Implications for Hospices. Elizabeth S. Warren May 3, 2013

HIPAA Insurance Portability Act HIPAA. HIPAA Privacy Rule - Education Module for Institutional Review Boards

"HIPAA RULES AND COMPLIANCE"

HIPPA Research Policy

Washington State Enrollment Form for Medical and/or Prescription Insurance for Individuals and Families

TEXAS EAR, NOSE AND THROAT SPECIALISTS, L.L.P. NOTICE OF PRIVACY PRACTICES

HyperImmune Patient Assistance Program PO Box 219, Gloucester, MA Phone: Fax:

Patient Name: Last First Middle Address: Marital Status: (circle one) Single Married Divorced Widowed Other Gender: Female Male

Sabates Eye Centers P.O. Box Kansas City, MO (913)

MACRI DENTAL LLC 4380 S. Syracuse St. Suite 502 Denver, CO Patient Registration Form

HIPAA FUNDAMENTALS For Substance abuse Treatment Industry

Trinity Family Physicians

AccessCUBICIN Enrollment Form

CANCER CLAIM FORM. Failure to complete this form in its entirety may result in a delay in processing this claim.

Our portals are encrypted and password-protected, too, so health data remains secure.

HIPAA Privacy Release Form

NeedyMeds

These restrictions apply to:

Effective Date: 08/2013

DO NOT USE THIS CLAIM KIT TO REPORT INJURIES INCURRED BY LOCAL CHURCH OR SCHOOL EMPLOYEES.

HIPAA s Medical Privacy Standards:

WELCOME TO OUR OFFICE. Patient s Name: Today s Date: First Middle Last. Home Address: City: State: Zip: Telephone: Home ( ) Cellular: ( ) Work: ( )

What do you need? Copy of HIPAA Policy on Accounting for Uses or Disclosures of Protected Health Information Department Disclosure Log(s)

Proof of Loss of Limb(s) or Sight Statements

Instructions for Completing this Long Term Care Claim Form

This form is to be used in conjunction with the Application for IRB Review

Connecticut Asthma & Allergy Center LLC Registration Form

Covis Pharmaceuticals, Inc. Patient Assistance Program

MP+ International Claim Form & Authorization Filing Instructions

4601 Spicewood Springs Rd., Office (512) Austin, Texas Fax (512) DOCTOR-CLIENT SERVICES AGREEMENT

HIPAA Policy 5032 Statement of Policy on Use and Disclosure of Protected Health Information for Research Purposes

CHAPTER 33 HIPAA PRIVACY REGULATIONS

JOEL D. FOSTER DPM, PC AUTHORIZATION TO RELEASE MEDICAL BENEFITS

SICKNESS CLAIM FORM. Failure to complete this form in its entirety may result in a delay in processing this claim. Hospital Indemnity Policy Number

UBMD Policy for HIPAA Compliant Subject Recruitment

Date employed (mo/day/yr)

Workers Compensation Modifier Controllers, Inc.

Partnership & Corporation Professional Liability Application

STANDARD TORT CLAIM FORM PLEASE TYPE OR PRINT IN INK

Child s Name Date of Birth. Address. City State Zip. Father s Name Phone (home) Phone (cell) Address. City State Zip.

SHORT TERM DISABILITY CLAIM

Need help with frequent crisis, housing, transportation?

North Shore LIJ Health System, Inc. Facility Name. CATEGORY: Effective Date: 8/15/13

HIPAA Authorization For use with Life, DI and Life with Long Term Care Riders

New Wave Internal Medicine Clinic

LIFE SETTLEMENT APPLICATION

Transcription:

Administrative, Operations and Business Practices HIPAA PRIVACY RULE: WHEN TO OBTAIN AUTHORIZATIONS TO USE AND DISCLOSE PROTECTED HEALTH INFORMATION I. Policy The (USC) 1 may use and disclose an individual s Protected Health Information 2 (PHI) only pursuant to a written Authorization of the patient or the patient s Personal Representative with the following exceptions: for treatment, payment or health care operations (see USC HIPAA Policy CLIN-201) as mandated or permitted by public policy (see USC HIPAA Policy GEN- 103) for certain research purposes (see USC HIPAA Policy RES-301) de-identified PHI or limited data sets (see USC HIPAA Policy GEN-105, RES-301) certain highly sensitive records which require disclosure-specific written authorization (see USC HIPAA Policy CLIN-203) II. Procedures A. General procedure 1. When an authorization is required Except as set forth above, a patient or patient s Personal Representative must sign a HIPAA authorization before USC may use or disclose the 1 For purposes of the HIPAA Privacy Rule, USC includes USC Norris Cancer Hospital, Keck Hospital of USC, USC s employed physicians, nurses and other clinical personnel, those units of USC that provide clinical services within the School of Pharmacy, the Herman Ostrow School of Dentistry, Physical and Occupational Therapy as well as the Keck Doctors of USC, those units that support clinical and clinical research functions, including the Offices of the General Counsel, Audit and Compliance. 2 Protected Health Information is identifiable information that relates to an individual s past, present or future physical or mental condition or to payment for health care. Page 1 of 6

patient s PHI. Examples of specific disclosures which require authorizations include: a. requests from a patient's attorney b. life insurance company requests c. camp or school physical forms (if such form will be released to anyone other than the parent) d. immunization records (if such records will be released to anyone other than the parent) e. worker's compensation (except if the purpose of the disclosure is limited to payment only) f. use of PHI for a clinical trial g. company physicals (other than at the request of the employer pursuant to USC's policy on uses and disclosures based on public policy (USC HIPAA Policy GEN-103) h. use of PHI for marketing i. use of PHI for fundraising 2. Use of USC authorization forms The privacy regulations have specific requirements for ensuring that a patient authorization is valid. USC has developed a number of template authorizations that satisfy the specific authorization criteria in the privacy regulations. USC s template forms can be found at: http://policies.usc.edu/index-hipaa.html 3. Non-USC authorization forms USC faculty, staff and other employees covered by the Privacy Rule may not disclose PHI pursuant to an authorization form without ensuring that it meets the privacy requirements. Contact the Office of Compliance for assistance or refer to the elements below. Page 2 of 6

B. Elements of patient authorization A valid non-usc authorization form must contain the following elements: 1. Description of health information. The authorization identifies the PHI to be used or disclosed in a specific and meaningful fashion. 2. Identification of authorized person. The authorization identifies the name or other specific identification of the person(s) authorized to make the requested use or disclosure (e.g., the patient or the patient s Personal Representative). 3. Identification of recipient. The authorization identifies by name or other specific identification the person(s), or class of persons, authorized to receive, use and/or disclose the PHI (e.g., USC; a third party designated by the patient). 4. Description of purpose(s). The authorization must contain a description of each purpose for which PHI is to be used or disclosed by the recipient. a. This description must be specific enough to provide a patient with the facts that he/she needs to make an informed decision whether to allow release of the PHI. b. The statement at the request of the individual/patient is a sufficient description of the purpose when the patient initiates the authorization and does not (or elects not to) provide a statement of the purpose. 5. Expiration. The authorization must contain an expiration date or an expiration event that relates to the patient or the purpose of the use or disclosure. For research authorizations, "none" or "the end of the research study" is acceptable. Page 3 of 6

6. Statement of right to revoke. The authorization must contain a statement of the patient s right to revoke the authorization in writing and the exceptions to the right to revoke, together with either a description of how the patient may revoke the authorization or a cross-reference to a Notice of Privacy Practices. 7. Statement that treatment not conditioned on the authorization. The authorization must contain a statement that the provision of health care to the patient is not conditioned on whether the patient signs the authorization, unless either: a. the health care to be provided is solely for the purpose of creating PHI to be disclosed to a third party and the patient s authorization permits USC to release the patient s PHI to such third party; or b. the health care to be provided is research-related treatment and the patient s authorization is for the use or disclosure of PHI for such research pursuant to USC HIPAA Policy RES-301. 8. Statement regarding redisclosure. The authorization must contain a statement that PHI used or disclosed pursuant to the authorization may be subject to redisclosure by the recipient and no longer protected by the Privacy Rule. 9. Remuneration for marketing activity. If the authorization is for a marketing activity and if USC has received or will be receiving any remuneration in connection with such marketing activity, the authorization must state that USC is receiving remuneration in connection with such marketing activity. 10. Dated patient signature. The authorization must contain a signature of the patient or the patient s Personal Representative and the date of the signature. 11. Personal Representative. If the authorization is signed by a Personal Representative of the patient, a Page 4 of 6

description of such Personal Representative's authority to act for the patient must be included. C. Verification of validity. The following information must be verified to confirm that the authorization is valid: 1. Completion. A non-usc authorization must contain all the elements identified in Section II.B above. 2. Not expired. The authorization must not be expired. 3. Not revoked. The authorization must not be revoked. 4. No material false information. The authorization must not contain any material information that is known to be false. 5. No compound authorizations. Additional References 45 CFR 164.508 An authorization may not be combined with any other document to create a compound authorization, except as set forth in the two exceptions below: a. An authorization to use or disclose PHI for a research study may be combined as set forth in USC HIPAA Policy RES-301. b. An authorization covered under this policy may be combined with any other authorization covered under this policy, except when the provision of health care has been conditioned on the provision of one of the authorizations. Page 5 of 6

Responsible Office: Office of Compliance http://ooc.usc.edu/ complian@usc.edu (213) 740-8258 Page 6 of 6

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback