Compliance & Legal
HIPAA Authorization
A patient's written permission to use or disclose PHI beyond treatment, payment, or operations.
A HIPAA Authorization is a patient's signed, written permission allowing a covered entity to use or disclose their protected health information (PHI) for purposes not otherwise permitted by the Privacy Rule: for example, marketing or sharing records with a third party.
Unlike routine uses for treatment, payment, and health care operations (which don't require authorization), these disclosures need explicit, revocable consent that specifies exactly what information may be shared and with whom.