Skip to Content

Fast Facts: Patient Authorization Requirements to Disclose Health Information

The HIPAA Privacy Rule allows a covered entity, such as a physician or a health plan, to disclose patient protected health information (PHI) without first obtaining a patient’s authorization for treatment, payment, and other purposes such as research and quality improvement activities. The Rule requires a covered entity to obtain an authorization in writing from a patient prior to any other disclosures not specifically identified in the Rule.  To learn more about the core elements of a valid patient authorization requirements under the HIPAA Privacy Rule, read our Fast Facts.

Current View