Authorization to Use or Disclose PHI: HIPAA Policy
Subscriber Content
This sample policy outlines procedures organizations should follow common to proper use or disclosure of protected health information (PHI).
The Health Insurance Portability and Accountability Act (HIPAA) requires a covered entity (CE) to obtain authorization to use or disclose protected health information for all purposes not explicitly permitted under the regulations (45 CFR §164.508[b][4]; §164.508[c]; §164.508[d]). A CE is a firm or individual group that provides healthcare services and that would use private health information. This includes physicians and all other caregivers, healthcare insurance plans, clearing houses and hybrid organizations.