漫香阁

Question: I鈥檝e observed that our patient documents related to HIPAA are only valid for one year from the signing date. Is this still any way to extend this? I鈥檓 just trying to create less work for our front desk personnel.

漫香阁 Forum Participant

Answer: The Office for Civil Rights (OCR) says the HIPAA Privacy Rule stipulates that all authorization forms must include an expiry date. This date provides clarity to the authorizer about when, to whom, or for what reasons information may be disclosed. says: 鈥淎n Authorization remains valid until its expiration date or event, unless effectively revoked in writing by the individual before that date or event. The fact that the expiration date on an Authorization may exceed a time period established by State law does not invalidate the Authorization under the Privacy Rule, but a more restrictive State law would control how long the Authorization is effective.鈥�

To keep additional paperwork to a minimum, the date of authorization can be tied to a specific event, such as the termination of a patient鈥檚 enrollment in a health plan, rather than a fixed timeline, unless there are more stringent requirements in your state than those set by the OCR.

Lindsey Bush, BA, MA, CPC, Production Editor, 漫香阁