This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Consent vs Authorization
Consent vs Authorization

Version management

Difference between version and

At line 1 added 30 lines
!!! Overview
Frankly, I can not determine a difference in [Consent] [Authorization] or [Delegation]
We also see __Authorized__, __Authorise__ or __[Authorization]__ as the same other than the noun vs verb and possibly the [Context].
%%information
There maybe some narrow legal definitions (like [HIPAA]) that delineate differences between [consent] and [authorization] and [Delegation] but in general, they are could be used interchangeably
%%
!! What is Consent? (According to [HIPAA])[1]
A consent as defined by the [HIPAA Privacy Rule] is a general document that gives healthcare providers, which have a direct treatment relationship with a [patient], [permission] to use and disclose all [PHI] for [TPO]. It gives [permission] __only to that provider__, not to any other person. [Health Care Providers] may condition the provision of treatment on the individual providing this [consent]. One [consent] may cover all uses and disclosures for [TPO] by that provider, indefinitely. A consent need not specify the particular information to be used or disclosed, nor the recipients of disclosed information.
Only doctors or other health care providers with a direct treatment [relationship] with a [patient] are required to obtain [consent]. Generally, a "direct treatment provider" is one that treats a patient directly, rather than based on the orders of another provider, and/or provides health care services or test results directly to [patients]. Other health care providers, health plans, and health care clearinghouses may use or disclose information for [TPO] without consent, or may choose to obtain a consent.
!! What is [Authorization] (According to [HIPAA])
An [authorization] is a more customized document that gives [covered entities|HIPAA Covered Entity] [permission] to use specified [PHI] for specified purposes, which are generally other than [TPO], or to disclose [PHI] to a [Third-party] specified by the individual. [Covered entities|HIPAA Covered Entity] may not condition treatment or coverage on the individual providing an [authorization]. An [authorization] __is more detailed and specific than a consent__. It (the [Authorization]) covers only the uses and disclosures and only the PHI stipulated in the authorization:
* it has an [Expiration Date]
* and, in some cases, it also states the purpose for which the information may be used or disclosed.
An [authorization] is __required__ for use and disclosure of [PHI] not otherwise allowed by the rule. In general, this means an authorization is required for purposes that are not part of [TPO] and not described in § 164.510 (uses and disclosures that require an opportunity for the individual to agree or to object) or § 164.512 (uses and disclosures for which [consent], [authorization], or an opportunity to agree or to object is not required). Situations in which an authorization is required for TPO purposes are identified and discussed in the next question.
All [covered entities|HIPAA Covered Entity], not just direct treatment providers, must obtain an [authorization] to use or disclose [PHI] for these purposes.
For [example], a [covered entity|HIPAA Covered Entity] would need an [authorization] from individuals to sell a [patient] mailing list, to disclose information to an [employer] for employment decisions, or to disclose information for eligibility for life insurance. A [covered entity|HIPAA Covered Entity] will never need to obtain both an individual’s [consent] and [authorization] for a single use or disclosure. However, a provider may have to obtain [consent] and [authorization] from the same [patient] for different uses or disclosures. For example, an obstetrician may, under the [consent] obtained from the patient, send an appointment reminder to the patient, but would need [authorization] from the patient to send her name and address to a company marketing a diaper service.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [What is the difference between consent and authorization under the Privacy Rule?|https://clearwatercompliance.com/hipaa-hitech-news/difference-consent-authorization-privacy-rule//|target='_blank'] - based on information obtained 2016-02-28-
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop