FEATURED ARTICLES

Do you need a patient's authorization or consent to send MD reports to a patient's provider?

No, you are not required to acquire patient authorization or consent to send MD reports, at least in the United States. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule states that a health care provider is permitted to use or disclose protected health information (PHI) for treatment, payment, and operational (TPO) purposes without the individual's authorization or consent. Sending MD reports to a patient's provider falls under treatment purposes. See the definition of "treatment" at 45 CFR 164.501

According to the HIPAA Privacy Rule, patient authorization is only required for PHI uses and disclosures that fall outside of TPO purposes. Patient consent is optional and is used to obtain a patient's permission to use or disclose PHI for TPO purposes. Covered entities are free to establish their own procedures regarding patient consent.

Please reference your organization's policies and procedures as they may be more stringent than HIPAA. 

⚠️ This information is not intended to be a substitute for legal advice. ChiroUp always recommends that you consult with your healthcare attorney to define specific legal requirements for your jurisdiction before making any changes to your existing policy.

Was this article helpful?

Have more questions? Contact us