Documents and Resources

RGD: HIPAA Privacy Rule & Authorization

Download File

Revised Policy Date


To protect patient privacy, “covered entities” (all health plans, health care “clearinghouses,” and health care providers) must obtain specific, written authorization from a patient to use or disclose PHI. Patients must also be notified about their right to restrict the use and disclosure of such information.

Related Documents

Related Glossary Items

Type of Document

  • Guidance