Defining HIPAA Waiver of Authorization

A legal instrument that permits the use or disclosure of an individual's health information to a third party is HIPAA.

The waiver is one of several patient-privacy safeguards outlined in the 1996 health insurance Portability and Accountability Act (HIPAA).

What Does HIPAA Waiver of Authorization Cover?

The HIPAA waiver of authorization permits clinicians to share a patient's health information with other parties, including researchers, attorneys, other doctors, or family members. In the digital age, healthcare privacy has become more prominent; doctors can now transfer patient health information via the Internet much more quickly than they could when data had to be mailed or faxed.

Protected Health Information (PHI) refers to the information that can be linked to a specific individual and is stored by a covered entity - such as a healthcare provider, health insurer, or healthcare clearinghouse, which is covered under HIPAA. When linked to health information, HIPAA identifies 18 distinct identifiers that establish PHI. HIPAA standards allow researchers to acquire permission to access and utilize PHI in research.

The following are some examples of such research:

• Studies involving data abstraction from the subject's health record for research objectives - such as retrospective chart reviews or other studies - that entail the evaluation of existing health records.
• Studies that provides new medical knowledge resulting from a healthcare service are part of the research.
• Most studies that diagnose a health issue or test novel treatments or devices, for example, generate PHI that will be placed into the medical record.

Additional requirements and criteria are in place to safeguard an individual's privacy from being re-identified. For instance, any code used to substitute identifiers in datasets cannot be generated from any information about the individual or master codes, nor can the technique for obtaining the codes be revealed.

Approval for HIPAA Waiver of Authorization

Ideally, three requirements must be met for a HIPAA waiver to be obtained for research purposes:

• The health information that will be provided must pose minimal danger to the disclosing party's privacy.
• The researchers must ensure that research activities would be impossible to carry out without the data, and,
• Without the waiver, it is not possible to carry out the research.

To let any person circumvent HIPAA rules by using an attorney, the patient should have already stated in their healthcare power of attorney that they expressly waive HIPAA protection and allow the specific representative to know their private health information.