• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

Invalid authorizations

Article

A medical records retrieval service has been sending us signed authorizations that don't contain all the HIPAA-required items, although the service insists that its forms are in compliance. Should we honor these requests for information?

Q: A medical records retrieval service has been sending us signed authorizations that don't contain all the HIPAA-required items, although the service insists that its forms are in compliance. Should we honor these requests for information?

A: No. To be valid, an authorization must contain, at minimum, the following elements: (1) a description of the information to be disclosed; (2) the name of the authorized discloser; (3) the name of the recipient; (4) the purpose of the disclosure (which, in special circumstances, may be satisfied with the phrase, "at the request of the individual"); (5) an expiration date or event (for example, "at the conclusion of the research project"); and (6) the patient's signature and date.

A valid authorization must also make clear the patient's right to revoke the authorization in writing at any time; whether, in special circumstances, any treatment, payment, enrollment, or benefit eligibility is dependent upon the authorization; and the potential for the information to be redisclosed by the recipient and, therefore, no longer protected by HIPAA.

Alert the retrieval service to whatever items you believe are missing from their authorizations, asking them to make the necessary changes.

Related Videos
Related Content
Study shows AI's potential to ease physician workload, highlights need for caution

Study shows AI's potential to ease physician workload, highlights need for caution

April 25th 2024
Article
How AI threatens the privacy of patient health data

How AI threatens the privacy of patient health data

February 8th 2024
Podcast
Web Golinkin: ©Web Golinkin

How AI can fill gaps caused by the health care worker shortage

April 25th 2024
Article
Is too much regulation stifling health care innovation?

Is too much regulation stifling health care innovation?

October 10th 2023
Podcast
physician doctor hands with morning coffee: © kwanchaichaiudom - stock.adobe.com

Healthy lunches for students; mechanical bull risks; medical fraudster on the lam – Morning Medical Update

April 25th 2024
Article
row of masked female doctors ©AkuAku-stock.adobe.com

A woman’s touch: Female doctors linked to better patient outcomes

April 24th 2024
Article