What is a HIPAA Waiver of Authorization?
A HIPAA Waiver of Authorization is a crucial legal document that permits the sharing of an individual’s health information with third parties. This waiver is a fundamental component of the patient privacy safeguards outlined in the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
Breaking Down the HIPAA Waiver of Authorization
The HIPAA Waiver of Authorization empowers healthcare providers to share a patient’s health information with various parties like researchers, attorneys, other medical practitioners, and family members. This waiver has become essential in the digital era due to heightened concerns regarding healthcare data privacy, particularly as transmitting patient information is now more accessible through digital channels than traditional methods like mail or fax.
Protected Health Information (PHI) under HIPAA encompasses data tied to a specific individual and held by covered entities like health insurers or healthcare providers. HIPAA outlines 18 specific identifiers that, when linked to health information, constitute PHI. The regulations permit researchers to seek approval to access and utilize PHI for research purposes.
Examples of studies involving PHI usage include:
- Studies involving the review of existing health records (e.g., retrospective chart review).
- Studies generating new medical information through research-related healthcare services (e.g., diagnosis, new drugs).
Additional standards and criteria are in place to safeguard individual privacy from re-identification. For instance, codes replacing identifiers in datasets must not be derived from any personal information, and the method for creating codes cannot be disclosed.
Getting Approval for a HIPAA Waiver of Authorization
For a HIPAA waiver to be approved for research, it must meet three criteria: minimal risk to privacy, necessity for research, and impracticality of research without the information.
In situations where a family member seeks to obtain health information through an attorney during a medical emergency, the patient must have previously granted permission in the healthcare power of attorney to waive HIPAA protection and allow the designated personal representative access to confidential health data.