Authorizations
- Must an Authorization include an expiration date?
- Can an Authorization be used together with other written instructions from the intended recipient of the information?
- May a valid Authorization list categories of persons who may use or disclose protected health information, without naming specific individuals or entities?
- Does the HIPAA Privacy Rule prohibit researchers from conditioning participation in a clinical trial on an authorization to use/disclose existing protected health information?
- Does the Privacy Rule require that an Authorization be notarized or include a witness signature?
- Is a copy, facsimile, or electronically transmitted version of a signed Authorization valid under the Privacy Rule?
- Does the Privacy Rule permit a covered entity to use or disclose protected health information pursuant to an Authorization form that was prepared by a third party?
- What is the difference between “consent” and “authorization” under the HIPAA Privacy Rule?
- May a covered entity use or disclose a patient’s entire medical record based on the patient’s signed Authorization?
- Does the HIPAA Privacy Rule permit doctors, nurses, and other health care providers to share patient health information for treatment purposes without the patient’s authorization?
- When is an authorization required from the patient before a provider or health plan engages in marketing to that individual?
- May a covered entity disclose protected health information specified in an Authorization, even if that information was created after the Authorization was signed?