: HOME  |  Privacy Policies  |  Frequently Asked Questions  |  Training

Privacy Forms - HCCs |  Privacy Information - Patients/Pacientes  

   Additional Information  |  Contact Information

YOU ARE HERE : HOME / HIPAA Frequently Asked Questions / PHI FAQ 2

2. When is a Covered Entity required to obtain an Authorization to use and disclose a patientís Protected Health Information?

A covered health care provider must obtain an Authorization for uses and disclosures of PHI for:

1. Other than for Treatment, Payment, and Health Care Operations;

2. Psychotherapy notes; and

3. Marketing that is not face-to-face or includes a gift of more than nominal value.

4. Research, unless specifically waived by the IRB.

NOTE: A Covered Entity cannot require an individual to execute an Authorization as a condition of receiving treatment.

An Authorization, in order to be valid, must contain certain elements specified in the regulations. The University's Authorization form is available on the HIPAA Privacy Forms - Clinics webpage.

Return to FAQ List

TOP ^  
Home Privacy Policies Frequently Asked Questions Privacy Forms - HCCs
Privacy Information - Patients/Pacientes Business Associate Agreements
Notice of Privacy Practices Training Additional Information
Contact Information

The University of Oklahoma Health Sciences Center

Office of Compliance
P. O. Box 26901
Oklahoma City, OK 73129
Phone: (405) 271-2511, (866) 836-3150
Fax: (405) 271-1076

Copyright © 2014 The Board of Regents of the University of Oklahoma, All Rights Reserved.
Disclaimer | Copyright