- Home
- Campus
- Employment Services
- Employee Handbook
Employee Handbook
- Table of Contents
- HIPAA Policies and Procedures
- Authorization for Use or Disclosure of PHI
14.14 Authorization for Use or Disclosure of PHI
14.14.1 Policy Statement
All uses and disclosures of protected health information (PHI) beyond those otherwise permitted by current HIPAA law, and not otherwise prohibited under another applicable law, require a signed authorization. In addition, the Health Plan may obtain a signed authorization in situations where it is not required, but the Health Plan chooses to obtain the authorization.
14.14.2 Policy Interpretation and Implementation
Responsibility For Obtaining Authorizations |
The HIPAA Privacy Officer or his/her designee will be responsible for obtaining authorizations when use or disclosure of protected health information is necessary. |
|
|
Provision of Treatment, Payment, or Eligibility |
The provision of treatment, payment, or eligibility for benefits may not be conditioned on the individual's provision of an authorization for the use or disclosure of PHI. |
|
|
Content of Authorization |
Each authorization for the use or disclosure of an individual's PHI will be written in easy to read language and will include, at a minimum, the following information:
|
|
|
Request Form |
The Health Plan may develop a standard form for authorizing use and disclosure of PHI. If the Health Plan develops a form, the form must be used for all authorizations. |
|
|
Requests to Use or Disclose PHI for Own Purposes |
If the authorization is requested by the Health Plan for its own use or disclosure of the PHI it maintains, for purposes outside of treatment, payment or health care operations (TPO), health care oversight or public health activities, the following elements are required in addition to those specified in paragraph 2 above:
|
|
|
Requests for PHI from Others |
If the authorization is requested for disclosures of PHI by others, the following elements are required in addition to those specified in paragraph 3 above:
|
|
|
Use or Disclosure of PHI for Research |
Use or disclosure of PHI created for research generally requires an authorization unless such use or disclosure is permitted by law. Such authorization must include the basic elements specified in paragraphs 3 and 4 above, as well as the following information:
|
|
|
Record Retention |
A copy of all HIPAA covered information and any revisions shall be maintained for a period of at least six (6) years. Such retention may be in printed or electronic format, or both. |
nbsp; |
|
Privacy Officer |
The Privacy Officer is responsible for the development and implementation of the HIPAA policies and procedures. The Privacy Officer is also the contact person for any questions or complaints regarding HIPAA. Questions or concerns about HIPAA rights should be directed to the Privacy Officer during regular business office hours Monday through Friday, except holidays at (651) 696-6280. |
|
|
Violations |
Violations of this policy will be subject to discipline. |