The HIPAA Privacy Rule allows a covered entity, such as a physician or a health plan, to disclose a patient’s protected health information (PHI) for treatment, payment, and other purposes such as research and quality improvement activities without first obtaining the patient’s authorization. The Rule requires a covered entity to obtain a written authorization from the patient before making any other disclosure not specifically identified in the Rule. To learn more about the core elements of a valid patient authorization under the HIPAA Privacy Rule, read our Fast Facts.