The Office for Civil Rights (OCR) is planning to implement a regulation that would share HIPAA settlements and monetary penalties with individuals affected by breaches.
An authorization generally applies when an organization wishes to use or disclose a patient’s protected health information for a purpose other than treatment, payment, or healthcare operations, or for legally required purposes. In this case, a patient must sign a HIPAA-compliant authorization form that specifically grants permission to the organization.
