Background on the HIPAA Privacy Rule
What is a HIPAA Consent Form? How does one obtain HIPAA Authorization?
A proper HIPAA Authorization form must contain the following
- A specific description of the information that will be used or disclosed.
- The name (or other specific identification) of the person or entity authorized to make the requested use or disclosure.
- The name or other specific identification of the entity whom information will be shared with.
- A description of the purpose of the requested disclosure. If a statement of the purpose is not provided, “at the request of the individual” can be sufficient.
- A specific time frame for the authorization, with an expiration date.
- A date and signature from the individual giving this authorization. (If the authorization is being given by an individual’s authorized representative, a description of the person’s authority to act on behalf of the individual must be detailed.)
Statements must also be included on the HIPAA authorization to notify the individual of:
- The right to revoke the authorization in writing.
- Exceptions to the right to revoke and a description of how the right to revoke can be exercised.
- HIPAA consent forms or HIPAA authorization are not required for allowable disclosures such those required for treatment, payment, or healthcare operations.
- HIPAA consent is often referring to HIPAA Authorization or an ROI.