HIPAA Privacy Regulation

Authorization

  • The privacy regulations give covered entities permission to use and disclose PHI for treatment, payment, and health care operations (TPO), without obtaining specific authorization.
  • A covered entity may disclose PHI to other covered entities such as reference laboratories, and homecare services, which are providing services to the primary covered entity.
  • The service that the other covered entity is providing must fall within treatment, payment or health care operations (TPO).
  • If the service being provided does not fall within TPO, an authorization is generally required.
  • An authorization form must state the specific disclosures of PHI to be made, what the information will be used for, and must be signed and dated by the patient.

Learn more about laboratory continuing education for individuals and lab safety and compliance courses for the whole lab.

HIPAA Privacy and Security Regulations course details »

Learn more about laboratory continuing education for ASCP, AMT, NCA, and state renewal and recertification requirements »

Get information on OSHA laboratory safety courses for clinical and medical laboratories »