Page 35 - Privacy_Program
P. 35

PROHIBITING THE USE OF AN INVALID AUTHORIZATION TO DISCLOSE PRPI [DP132]
        Back to Table of Contents


        Scope: Enterprise
        Distribution: Executive Leadership Team; Director of Information Technology, Privacy and Data Security; Directors, Managers and
        Supervisors; All Services and Programs Employees; and Other Employees with Access to Protected Health Information and Other
        Privacy‐Restricted Participant Information (includes Contractors, temporary employees and Interns)
        Purpose: To ensure authorizations are accurate and complete.
        External Regulation or Standard: 45 C.F.R. §164.508(b) – Valid authorizations


        Who is Responsible     Statement    Policy, Standard, or Procedure Statement
                                Number
        Employees with Access    DP132.1    The organization prohibits the use of an invalid authorization to use or disclose
        to Protected Health                 Protected Health Information (PHI) and other Privacy Restricted Participant
        Information (PHI) and               Information (PRPI).
        Other Privacy‐
        Restricted Participant
        Information (PRPI)

        Employees and Others     DP132.2    An authorization will become invalid if the organization knows that the
        with Access to PHI and              authorization has been revoked.
        Other PRPI

        Employees with Access    DP132.3    The organization will determine that an authorization to use or disclose PHI or
        to PHI and Other PRPI               other PRPI is not valid upon the following events:
                                DP132.3a    (a)  the expiration date has passed or the expiration event is known by the
                                            organization to have occurred, with a maximum period of one year or more for
                                            all authorizations other than the Publicity Model Release Form as described in
                                            DP‐131;

                                DP132.3b    (b)  all of the required elements of the authorization have not been filled out
                                            completely;
                                DP132.3c    (c)  the authorization lacks any of the required elements specified in Obtaining an
                                            Authorization (see DP‐130A for PRPI and DP130B for PHI) as required for the use
                                            or disclosure;

                                DP132.3d    (d)  the authorization is inappropriately combined with any other document to
                                            create a compound authorization;

                                DP132.3e    (e)  if any material information in the authorization is known by the organization
                                            to be false; or

                                DP132.3f    (f)  treatment, payment, enrollment or eligibility for benefits have been
                                            unlawfully conditioned on the provision of such authorization (see DP‐131).














         GES CONFIDENTIAL                                                                                    32
   30   31   32   33   34   35   36   37   38   39   40