The HIPAA Privacy Rule allows a covered entity, such as a physician or a health plan, to disclose patient protected health information (PHI) without first obtaining a patient’s authorization for treatment, payment, and other purposes such as research and quality improvement activities. The Rule requires a covered entity to obtain an authorization in writing from a patient prior to any other disclosures not specifically identified in the Rule. We invite you to read our new products related to the core elements of a patient authorization and exceptions to the patient authorization requirement.
New Products on Patient Authorization Requirements and Exceptions under the HIPAA Privacy Rule
Posted on October 2, 2013
.png)