Is it possible to develop a “blanket” authorization form which could be used by all Covered Entities?
(A) As with most things HIPAA, each Covered Entity is responsible for developing its own privacy practices and its own applicable forms, including the entity’s Authorization form meeting not only HIPAA requirements, but also requirements specific to the respective agency/entity, type of information to be disclosed, and any prohibition on redisclosure of information provided by an Authorization. Further, the entity releasing the information pursuant to an Authorization is required to keep the original, and provide for and (as applicable) honor, written revocation of the signed Authorization, with applicable notice to others relying on that Authorization. Therefore, it is difficult to have a two way Authorization, binding two parties to mutual exchange of information from different covered entities and monitor and act on a revocation.
Related Questions
- Under the Privacy Rule can a covered entity honor an individual authorization form that is a faxed copy rather than the original form?
- Is it possible to develop a "blanket" authorization form which could be used by all Covered Entities?
- Can a Board use/develop a "Residency Verification" form to be used for clients within their own area?
