Individual privacy rights as defined in the HIPAAPrivacy Rule include
consent and authorization by the patient for the release of PHI. The
difference between consent and authorization as used in the Privacy Rule is:
A.
Consent grants general permission to use or disclose PHI, and
authorization limits permission to the purposes and the parties
specified in the authorization.
B.
Consent grants general permission to use or disclose PHI, and
authorization limits permission to the purposes specified in the
authorization.
C.
Authorization grants general permission to use or disclose PHI, and
consent limits permission to the purposes and the parties specified
in the consent.
D.
Consent grants general permission to use or disclose PHI, and
authorization limits permission to the parties specified in the
authorization.
Explanation:
Answer b is therefore incorrect. Answer c is incorrect since the
limits to authorization do not include the parties concerneD . Answer
d is incorrect since the limits to authorization do not include the
specified purposes. The other individual privacy rights listed in the
HIPAA Privacy Rule are:
Notice (of the covered entities privacy practices)
Right to request restriction
Right of access
Right to amend
Right to an accounting
In August of 2002, the U.S. Department of Health and Human
Services (HHS) modified the Privacy Rule to ease the requirements
of consent and allow the covered entities to use noticE . The changes
are summarized as follows:
Covered entities must provide patients with notice of the patients
privacy rights and the privacy practices of the covered entity.
Direct treatment providers must make a good faith effort to
obtain patients written acknowledgement of the notice of
privacy rights and practices. (The Rule does not prescribe a form
of written acknowledgement; the patient may sign a separate
sheet or initial a cover sheet of the notice.)
Mandatory consent requirements are removed that would inhibit
patient access to health care while providing covered entities
with the option of developing a consent process that works for
that entity. If the provider cannot obtain a written
acknowledgement, it must document its good faith efforts to
obtain one and the reason for its inability to obtain the
acknowledgement.
Consent requirements already in place may continue.
“Consent,” as it was used in the Privacy Rule, refers to advance permission, typically given by the patient at the start of treatment, for various disclosures of patient information to third parties. Consent is no longer required by the Privacy Rule after the August 2002 revisions.
0
0
Ok, but only if the use or disclosure must be consistent with the Authorization. See below. Agreed?
http://privacyruleandresearch.nih.gov/authorization.asp
” A Privacy Rule Authorization is an individual’s signed permission to allow a covered entity to use or disclose the individual’s protected health information (PHI) that is described in the Authorization for the purpose(s) and to the recipient(s) stated in the Authorization. In contrast, an informed consent document is an individual’s agreement to participate in the research study and includes a description of the study, anticipated risks and/or benefits, and how the confidentiality of records will be protected, among other things. An Authorization can be combined with an informed consent document or other permission to participate in research. If a covered entity obtains or receives a valid Authorization for its use or disclosure of PHI for research, it may use or disclose the PHI for the research, but the use or disclosure must be consistent with the Authorization.”
0
0