Q: I perform monthly HIPAA audits of computer systems at the medical group where I am employed. I recently started auditing physicians and allied health professionals who are credentialed members of our medical staff.
Obtaining valid authorizations for disclosure is a significant area of risk for many organizations. Often, staff members handling disclosures don't understand the requirements?especially regarding when authorizations are needed and who can legally sign them. This chapter takes a comprehensive look at authorizations, including required elements, when they're needed, when they're not needed, who can sign them, and the need to screen outside authorizations.