HIPAA Privacy Regulation

Authorization

  • The privacy regulations give covered entities permission to use and disclose PHI for treatment, payment, and health care operations (TPO), without obtaining specific authorization.
  • A covered entity may disclose PHI to other covered entities such as reference laboratories, and homecare services, which are providing services to the primary covered entity.
  • The service that the other covered entity is providing must fall within treatment, payment or health care operations (TPO).
  • If the service being provided does not fall within TPO, an authorization is generally required.
  • An authorization form must state the specific disclosures of PHI to be made, what the information will be used for, and must be signed and dated by the patient.

Review for ASCP Boards or test your clinical laboratory science knowledge with the FREE LabCE.com Quiz Game.

HIPAA Privacy and Security Regulations course details »

Learn more about medical technologist continuing education for MTs, MLTs, and other lab personnel »

Get information on laboratory safety training for clinical and medical laboratories »