The Substance Abuse and Mental Health Services Administration (SAMHSA) gave organizations and patients some relief from the stricter privacy rules protecting substance abuse and treatment information. But did SAMHSA really make the rule simpler, or will privacy and security officers find themselves grappling with a fresh set of complicated rules and exceptions?
An authorization generally applies when an organization wishes to use or disclose a patient’s protected health information for a purpose other than treatment, payment, or healthcare operations, or for legally required purposes. In this case, a patient must sign a HIPAA-compliant authorization form that specifically grants permission to the organization.
Data integrity and analytics, increased HIPAA enforcement, patient-generated health data, and information security emerged as the top four topics at the 2017 Health Information and Management Systems Society national conference.
