Abstract
This article clarifies HIPAA regulations regarding the disclosure of protected health information (PHI). It distinguishes between a "Right of Access" request, where a patient directly seeks their own record (no authorization needed), and an "Authorization," which is required for disclosures beyond treatment, payment, or health care operations, or to third parties for ongoing access. The author details activities permissible without authorization, such as coordination of care, billing, and quality improvement. Specific examples are provided for situations requiring authorization, like disclosing PHI to attorneys or for marketing. The article also outlines seven essential elements for a HIPAA-compliant authorization form
Recommended Citation
Cosey, Jennifer
(2025)
"What to Know about Release of Information, Authorization, and Records Requests,"
The Journal of the Michigan Dental Association: Vol. 107:
No.
7, Article 12.
Available at:
https://commons.ada.org/journalmichigandentalassociation/vol107/iss7/12
Submit Article
