HIPAA Authorization to Disclose Health Information
The Health Insurance Portability and Accountability Act (HIPPA) was developed by Congress in 1996 in response to the need for patient health care information to be protected. HIPAA ensures the confidentiality, and prevents the misuse of, private patient information.-
Privacy Rule
-
According to HIPAA's Privacy Rule, a covered entity must obtain written authorization from a patient, consenting to have their medical information disclosed for purposes beyond the scope of treatment or billing. If the patient does not give their consent or authorization, the covered entity must not disclose health information.
Minimum Necessary
-
The concept of "Minimum Necessary" is integral to HIPAA disclosure standards. Minimum necessary means that when patient health care information is being disclosed, covered entities should disclose only the minimum amount of information necessary to fulfill the need. Providing too much information on a patient becomes unnecessary and is not in the patient's best interest.
Exceptions
-
Exceptions exist for times when it is not necessary to obtain patient authorization to disclose their health information. For instance, health care information can be subpoenaed by a judge and the covered entity does not need the patient's authorization to disclose it to the courts.
-