On April 14, 2003, the privacy rules promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) changed the way that certain health record custodians (called “covered entities”) will respond to a request for disclosure of a person’s "protected health information" (PHI).

As a company engaged in the business of the reproduction of medical information (a "Business Associate" to the covered entities), we understand how HIPAA impacts the process of procuring medical records. Weassure total compliance to the privacy and security roles regulated under HIPAA when a request involves PHI.

Pursuant to Title 45 of the Code of Federal Regulations, Section 164.508, a valid authorization for the release of PHI must contain at least the following elements, written in plain language:

1. A detailed description of the PHI to be disclosed that identifies the information in a specific and meaningful fashion (e.g. using exact dates or identifying the type of examinations);
2. The name or other specific identification of the medical facility or hospital that is being authorized to make the requested disclosure;
3. The name or other specific identification of the person(s), or class of persons, to whom the covered entity may make the requested disclosure;
4. An expiration date or an expiration event that relates to the patient
5. State the purpose of the disclosure;
6. State the consequences for the patient and how the patient is affected if he or she refuses to sign the authorization;
7. A statement of the patient’s right to revoke the authorization in writing and the exceptions to the right to revoke, together with a description of how the patient may revoke the authorization;
8. A statement that information used or disclosed pursuant to the authorization may be subject to redisclosure by the recipient and no longer be protected by this rule;
9. Signature of the patient and date; and
10. If the authorization is signed by a personal representative of the patient, a description of such representative’s authority to act for the patient.

Some health care attorneys also suggest including the patient’s birth date and social security number on the authorization. In order to expedite our services and avoid delays obtaining PHI, it is important to ensure that Patient Authorizations are HIPAA compliant. To view a sample Patient Authorization that complies with HIPAA, click here.

Digital Duplicating adheres to full compliance guidelines and procedures while also providing expedited, efficient service for our clients. If you have any questions or concerns regardingour approach to HIPAA compliance, contact us.

For further information regarding HIPAA, visit the U.S. Department of Health and Human Services website.