Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search Store documents

The best documents sold by students who completed their studies

Search through all study resources
Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

University Rankings

Discover the best universities in your country according to Docsity users

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

From our blog

Exams and Study
Go to the blog

HIPAA Disclosure Request Checklist: Minimum Requirements & Verification, Study notes of Public Health

Bishop Grosseteste University (BGU)Public Health

The requirements and conditions for a public health authority to disclose protected health information (phi) to a covered entity without individual authorization, as permitted by the health insurance portability and accountability act (hipaa). The checklist includes the necessary representations and information the requestor should provide to ensure the disclosure meets the specific requirements and conditions outlined in the privacy rule. The requestor must demonstrate or represent that they are a public health authority, have legal authority to collect or receive the information, and that the information being requested is the minimum necessary for the stated public health purpose. The requestor should also be prepared to verify their identity.

Typology: Study notes

2021/2022

Uploaded on 09/12/2022

kiras
kiras 🇬🇧

4.7

(21)

293 documents

1 / 2

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
HIPAA: Public Health Authority
Disclosure Request Checklist
A Health Insurance Portability and Accountability Act (HIPAA) Covered Entity is permitted to disclose
protected health information (PHI) without individual authorization to a “public health authority” that is
authorized by law to collect or receive such information for the purpose of preventing or controlling
disease, injury or disability, such as for purposes of reporting disease, injury, or vital events, or for public
health surveillance, investigations, or interventions; or, at the direction of a public health authority, to
an official of a foreign government agency that is acting in collaboration with a public health authority.
(45 CFR 164.512(b)(1)(i)).
The HIPAA Privacy Rule imposes certain requirements and conditions on these disclosures, such as that
the covered entity must make reasonable efforts to limit the PHI disclosed to the minimum necessary to
accomplish the intended purpose of the disclosure. The following checklist is intended to help public
health authorities be prepared to provide a covered entity with the information and representations
necessary for the covered entity to ensure that a disclosure meets the specific requirements and
conditions outlined in the Privacy Rule.
The requestor of the PHI should be able to demonstrate or represent that:
The requestor is a “public health authority” as defined in the Privacy Rule. The Privacy Rule defines
“public health authority” as an agency or authority of the United States, a State, a territory, a
political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a
grant of authority from or contract with such public agency, including the employees or agents of
such public agency or its contractors or persons or entities to whom it has granted authority, that is
responsible for public health matters as part of its official mandate.
The requestor has legal authority to collect or receive the information it is requesting for the stated
public health purpose.
The information being requested is the minimum necessary for the stated public health purpose.
In most cases, the requestor should be prepared to provide a written statement of its legal authority.
However, in circumstances where it would be impracticable to provide a written statement, a covered
entity may rely, if reasonable, on an oral statement of authority.
In addition, the requestor should be prepared to verify its identity by:
Presenting an agency identification badge, other official credentials, or other proof of
government status if the request is made in person;
Making the request on the appropriate government letterhead if the request is made in writing;
or
If the request is by a person acting on behalf of a public official, providing a written statement
on appropriate government letterhead that the person is acting under the government’s
pf2

Partial preview of the text

Download HIPAA Disclosure Request Checklist: Minimum Requirements & Verification and more Study notes Public Health in PDF only on Docsity!

HIPAA: Public Health Authority

Disclosure Request Checklist

A Health Insurance Portability and Accountability Act (HIPAA) Covered Entity is permitted to disclose protected health information (PHI) without individual authorization to a “public health authority” that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury or disability, such as for purposes of reporting disease, injury, or vital events, or for public health surveillance, investigations, or interventions; or, at the direction of a public health authority, to an official of a foreign government agency that is acting in collaboration with a public health authority. (45 CFR 164.512(b)(1)(i)).

The HIPAA Privacy Rule imposes certain requirements and conditions on these disclosures, such as that the covered entity must make reasonable efforts to limit the PHI disclosed to the minimum necessary to accomplish the intended purpose of the disclosure. The following checklist is intended to help public health authorities be prepared to provide a covered entity with the information and representations necessary for the covered entity to ensure that a disclosure meets the specific requirements and conditions outlined in the Privacy Rule.

The requestor of the PHI should be able to demonstrate or represent that:

The requestor is a “public health authority” as defined in the Privacy Rule. The Privacy Rule defines “public health authority” as an agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency, including the employees or agents of such public agency or its contractors or persons or entities to whom it has granted authority, that is responsible for public health matters as part of its official mandate.

The requestor has legal authority to collect or receive the information it is requesting for the stated public health purpose.

The information being requested is the minimum necessary for the stated public health purpose.

In most cases, the requestor should be prepared to provide a written statement of its legal authority. However, in circumstances where it would be impracticable to provide a written statement, a covered entity may rely, if reasonable, on an oral statement of authority.

In addition, the requestor should be prepared to verify its identity by:

  • Presenting an agency identification badge, other official credentials, or other proof of government status if the request is made in person;
  • Making the request on the appropriate government letterhead if the request is made in writing; or
  • If the request is by a person acting on behalf of a public official, providing a written statement on appropriate government letterhead that the person is acting under the government’s

authority or other evidence or documentation of agency, such as a contract for services, memorandum of understanding, or purchase order, that establishes that the person is acting on behalf of the public official.

Additional guidance about the HIPAA Privacy Rule and public health disclosures may be found at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/publichealth/index.html