Authorization to Use or Disclose PHI: HIPAA Policy

This sample policy outlines procedures organizations should follow common to proper use or disclosure of protected health information (PHI).

The Health Insurance Portability and Accountability Act (HIPAA) requires a covered entity (CE) to obtain authorization to use or disclose protected health information for all purposes not explicitly permitted under the regulations (45 CFR §164.508[b][4]; §164.508[c]; §164.508[d]). A CE is a firm or individual group that provides healthcare services and that would use private health information. This includes physicians and all other caregivers, healthcare insurance plans, clearing houses and hybrid organizations.

Topics: Privacy, Healthcare & Pharmaceuticals Industry, Data Security, Human Resources, Laws & Regulations, Compliance

Create Account

Free 30 Day Trial

Single Subscription

Group Free 30 Day Trial

Group Subscription

Already have an account? Login

See subscription details and pricing.

Related Resources

Compliance Overview Questionnaire: HIPAA

HIPAA Security Gap Assessment Report

Ethics Program Guide

View All KnowledgeLeader Risk and Control Matrices (RCMs)