Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » HIPAA » HIPAA Waiver Form

HIPAA Waiver Form

A HIPAA waiver form, also known as a medical record information release form, allows patients to authorize third parties to access their health records. It also permits healthcare providers to share information when needed. Patients can revoke or change these permissions at any time. Sharing medical records without a HIPAA authorization form is a violation.

HIPAA compliance requires obtaining a signed release form from patients before sharing their protected health information with others, except for routine disclosures related to treatment, payment, or healthcare operations allowed by the HIPAA Privacy Rule. 

When do you need a HIPAA Medical Information Release Form?

  • Sharing PHI with third parties for non-standard healthcare purposes, like disclosing information to an insurance underwriter
  • Using PHI for marketing or fundraising purposes
  • Providing PHI to a research organization
  • Disclosing psychotherapy notes
  • Selling PHI or sharing it for financial gain

Additional reading

ISO 27001 surveillance audit
Blogs ISO 27001

How to Prepare Yourself for ISO 27001 Surveillance Audit

If your organization has implemented ISO 27001, it must be audited by an accredited auditor to be certified. An ISO 27001 audit reviews your organization’s information security management system (ISMS) against a set of defined standards.  Once you are certified, it does not stop there. Maintaining it involves more work, both for you and the…
PCI password requirements
Blogs PCI DSS

PCI Password Requirements & Recommended Controls

The Payment Card Industry Data Security Standard (PCI DSS) requires merchants processing cardholder data to implement a set of security measures to protect it. PCI guidelines offer best practices and recommendations to ensure data security. These guidelines ensure the integrity and confidentiality of payment data. This article discusses your obligations as a cardholder data processor,…
HIPAA Risk Assessment
Blogs HIPAA

How to Perform a HIPAA Risk Assessment to Stay Compliant?

The HHS Office of Civil Rights (OCR) provides direction to healthcare entities to implement safeguards for the privacy and security of patients’ protected health information (ePHI) and ensure HIPAA compliance. However, the first crucial step in this direction is to conduct a HIPAA risk assessment, which identifies critical risks and security loopholes. Risk assessment helps…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales