According to HIPAA, an “authorization” is required by the Privacy Rule for uses and disclosures of protected health information not otherwise allowed by the Rule. Further, an authorization must specify a number of elements, including a description of the protected health information to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an expiration date, and, in some cases, the purpose for which the information may be used or disclosed.

Authorization in the context of role-based operations, however, pertains to the official management decision to authorize operation of a system and to explicitly accept the risk to organizational operations based on the implementation of an agreed-upon set of security and privacy controls. This description and further details can be found in NIST documentation.

Topic

  • Uncategorized

Related Entries

Scheduled Workflow (SWF)

This profile establishes the continuity and integrity of basic departmental imaging data acquired in an environment where examinations are generally…

SMPTE

SMPTE (Society for Motion Picture and Television Engineers) is an international standards development organization. SMPTE has specified several test patterns,…

SOP Class

A SOP (Service Object Pair) Class is a combination of a service such as Store, Retrieve, and an object such…