Authorization to Release Patient Information
When a hospital or an insurance company wants to share details in a medical record with a third party for purposes other than treating or billing a patient, it first must obtain permission from the patient to disclose the data. This permission is referred to as an authorization to release patient medical information.-
Legal Document
-
The authorization grants permission to hospitals, health insurers and other businesses in the health care industry that hold patient data to send selected parts of an individual's protected health information to an outside organization for a specific reason. Doctors and health insurance companies must get the authorization in writing and keep the form on file.
Protected Information
-
Specifically, health care organizations need authorization for non-routine disclosures of a patient's name, address, birthdate and Social Security number. Sharing details on the individual's past, present or future mental or physical health requires an authorization, as does disclosing details of the medical care the patient received, his current treatment or care he will receive. Doctors also need authorization to share patient payment records, according to the U.S. Department of Health & Human Services (HHS) website on health information privacy.
Reason for Authorization
-
The authorization requirement for non-routine disclosures came about with the passage of privacy standards enacted in the Health Insurance Portability and Accountability Act of 1996. As the industry moves toward electronic storage and transmission of health data, these standards give patients the right to control who sees their medical information. The requirement protects patient health information from data mining for marketing campaigns and from becoming a determining factor in employment decisions, according to HHS.
Authorization Components
-
Authorization forms must state the name of the patient or the person authorized to disclose the health information. The document must name a specific recipient of the data. The authorization needs to include a description of the information and the reason for sharing it, and a valid authorization form must include the signature of the patient or his personal representative, the current date and an expiration date.
Other Authorization Features
-
Hospitals and health plans need authorization to share all forms of protected health information, whether delivered orally, stored electronically or maintained in a file room. A patient can request a copy of the authorization and at any time send a written request to revoke the permission to share his medical data. Patients also have the right to authorize disclosures to themselves and family members and ask their physician for a report detailing who has seen their medical data.
-
Healthcare Management - Related Articles
- HIPAA Authorization to Disclose Health Information
- Health Information Technology & Privacy
- Patient Information & Confidentiality
- HIPAA & E-Mailing Patient Information
- HIPAA & Authorization for Release of Information
- HIPAA Authorization to Release Medical Information
- What Is Patient Health Information?