RE: Multiagency authorizations

[Matthew Rosenblum]

Title: Message

Laura,   When an Authorization Form contains “check-offs” that correspond to various types of PHI and various types of uses and disclosures, workforce members may tend to misuse the Form to combine HIPAA-required authorizations with other types of consents or authorizations that, under HIPAA, should not be combined.   To be sure, the HIPAA-Authorization Form may be a template that is used for (only) a relatively small number of HIPAA-specified purposes: marketing, research without an IRB waiver, media or press releases, release of PHI to employers, and the like.� It could be that the need to execute the HIPAA-required authorization will NOT arise as often as your clinicians anticipate.   I hope that this helps.   Your questions are always welcome.   Matt   Matthew Rosenblum Chief Operations Officer Privacy, Quality Management & Regulatory Affairs   CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011   (212) 675-6367 [EMAIL PROTECTED]   CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it.� Please notify the sender by E-Mail at the address shown and delete the original message. Thank you.   AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener informaci�n privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicaci�n por error, por favor no lo distribuya.� Favor notificar al remitente del E-Mail a la direcci�n mostrada y elimine el mensaje original. Gracias.   -----Original Message----- From: Schmitt, Laura A. [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:49 PM To: WEDI SNIP Privacy Workgroup List Subject: Multiagency authorizations   Several people on our HIPAA implementation team are hoping others input might help in resolving our question about HIPAA's instructions to avoid compound authorizations and how that relate to the use of multi-agency authorization forms.    The final HIPAA Privacy regulations - 164.508 (b)(3) - prohibit the use of compound authorizations (i.e., combining with any other document an authorization for use or disclosure of phi...except for limited and specific exceptions).     We are a county-operated yet multi-jurisdictional behavioral health organization that plans, contracts, and directly provides treatment & prevention services. We are one of several covered health care components of our County government's hybrid entity. Much of the clinical work we do is as part of collaborative teams with other organizations (i.e., court staff, county social service staff, coordinating offices that serve as fundors, and other community groups, agencies & service providers).   In the past, the local human service organizations that staffed such efforts agreed to use a multi-agency "Universal" authorization form. This form includes checkboxes for the various organizations involved, and then all of the other listed elements of a valid authorization. The clinical staff point out the obvious benefit that staff and the client need only sign one form.    The other point of view is that proffered by our MIS vendor and endorsed by several groups similar to ours in the state is the single purpose release forms, which allow for only one-on-one exchanges of information between entities. This option assuries that the system records the limits of each release individually. Primarily the technical staff consider the single agent/purpose release form to conform to the spirit of the regulations...but clinicians believe that they will create an overwhelming paperwork burden on staff & clients.    I've found the language of this section confusing, and would be interested in knowing how others have interpreted this section and resolved the issue of handling releases of information when working with clients involved with numerous organizations.    Thanks in advance for any insights you can offer.   Laura Schmitt, Business Analyst Fairfax-Falls Church Community Services Board _______________________________________ This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Thank you. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org