maintenance of a research database or repository l Signature of the individual and date. If the authorization is signed by a personal representative of the individual, a description of the representative’s authority to act for the individual must be provided
In addition to the core elements, the rule states that a valid authorization must include:
1. A statement of the individual’s right to revoke the authorization, in writing, and either:
l A reference to the revocation right and procedures described in the notice, or l A statement about the exceptions to the right to revoke, and a description of how the individual may revoke the authorization
Exceptions to the right to revoke include situations in which the covered entity has already taken action in reliance on the authorization, or the authorization was obtained as a condition of obtaining insurance coverage.
2. A statement about the ability or inability of the covered entity to condition treatment, payment, enrollment, or eligibility for benefits on the authorization:
l The covered entity must state that it may not condition treatment, payment, enrollment, or eligibility for benefits on whether the individual signs the authorization, or l The covered entity must describe the consequences of a refusal to sign an authorization when the covered entity conditions research-related treatment, enrollment or eligibility for benefits, or the provision of healthcare, solely for the purpose of creating protected health information for a third party on obtaining an authorization
3. A statement that information used or disclosed pursuant to the authorization may be subject to redisclosure by the recipient and may no longer be protected by the rule
When a Covered Entity Requests Patient Authorization: The covered entity must provide the individual with a copy of the signed authorization when the covered entity seeks the authorization.
When a Non-Covered Entity Requests Patient Authorization: If a non-covered entity (i.e. pharmaceutical company, attorney’s office) solicits a patient’s authorization to release PHI to the non-covered entity, the authorization must contain all elements of a General Authorization as required. See research authorization guidance below. Compound Authorizations
An authorization may be combined with another document to create a Compound Authorization only as described below:
l Research: An authorization for the use or disclosure of PHI for a research study may be combined with any other type of written permission for the same or another research study, including a consent to participate in the research or another authorization to disclose protected health information from the research. In addition, the HITECH Omnibus Rule now permits the combining of conditioned and unconditioned authorizations. The individual must be able to opt-in to the unconditioned authorization. This simplifies authorization paperwork for the research community. For example, a researcher will be able to rely on a single authorization for a clinical trial that requires execution of the authorization to participate in the trial and that also includes an opt-in (such as a check box or a second signature line) authorizing the
Copyright © 2013 by The American Health Information Management Association. All Rights Reserved.
Powered by FlippingBook