Consent Authorizations Profile Trust Interoperability Profile

Table of Contents

Overall Organization

Trustmark Definition Checklist

Authorization Revocation

Issuance Criteria:
no(assessment_01) OR (yes(assessment_02) OR yes(assessment_03))


HIPAA Consent Authorization Form Requirements - Elements

HIPAA Consent Authorization Form Requirements - Notice Statements

Issuance Criteria:
yes(ALL)


42 CFR Part 2 Consent Authorization Form Requirements - Elements

42 CFR Part 2 Consent Authorization Form Requirements - Notice Statements

This notice covers the disclosure of information to you concerning a client in alcohol/drug treatment, made to you with the consent of such client. This information has been disclosed to you from records protected by federal confidentiality rules (42 C.F.R. Part 2). The federal rules prohibit you from making any further disclosure of this information unless further disclosure is expressly permitted by the written consent of the person to whom it pertains or as otherwise permitted by 42 C.F.R. Part 2. A general authorization for the release of medical or other information is NOT sufficient for this purpose. The federal rules restrict any use of the information to criminally investigate or prosecute any substance abuse patient. [assessment_10]

Issuance Criteria:
yes(ALL)


HIPPA Defective Authorizations

Compound Authorizations

Prohibition on Conditioning of Authorizations

Issuance Criteria:
(no(assessment_01) AND yes(assessment_02) AND no(assessment_03) AND no(assessment_04)) AND (!yes(assessment_05) OR yes(assessment_06) OR yes(assessment_07)) AND (!yes(assessment_09) OR yes(assessment_10 OR yes(assessment_11) OR yes(assessment_12))


HIPAA Consent Authorization Form Requirements - Elements

Issuance Criteria:
no(ALL)


URI:
http://ncsc.org/trustmarks/trustmark-definitions/consent-authorization/consent-authorizations/1.0/

Description:
This Trust Interoperability Profile defines requirements for HIPAA and 42 CFR Part 2 Compliant Consent Authorizations.

References

Trustmark Definition Requirements

Trust Interoperability Profiles

Trust Expression:

TIP_01 AND TIP_02 AND TD_01

URI:
http://ncsc.org/trustmarks/trustmark-definitions/consent-authorization/consent-authorization-revocation/1.0/

Description:
This Trustmark Definition defines requirements to determine if a consent authorization has been revoked.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Authorization Revocation

Description: A consent authorization MUST NOT have been revoked.

Issuance Criteria:
no(assessment_01) OR (yes(assessment_02) OR yes(assessment_03))

URI:
http://ncsc.org/trustmarks/trustmark-definitions/consent-authorization/consent-authorization-form-requirements/1.0/

Description:
This Trust Interoperability Profile defines requirements for creating HIPAA and 42 CFR Part 2 Compliant Consent Authorization Forms.

References

Trustmark Definition Requirements

Trust Interoperability Profiles

Trust Expression:

TD_01 AND TD_02

URI:
http://ncsc.org/trustmarks/trustmark-definitions/consent-authorization/HIPAA-consent-authorization-form-requirements/1.0/

Description:
This Trustmark Definition defines requirements for creating a HIPAA Consent Authorization Form.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Description: A consent authorization MUST include the required elements.

Description: A consent authorization MUST include the required notice statements.

Issuance Criteria:
yes(ALL)

URI:
http://ncsc.org/trustmarks/trustmark-definitions/consent-authorization/24-CFR-part-2-consent-authorization-form-requirements/1.0/

Description:
This Trustmark Definition defines requirements for creating a 42 CFR Part 2 Consent Authorization Form.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Description: A consent authorization MUST include the required elements.

Description: A consent authorization MUST include the required notice statements.

This notice covers the disclosure of information to you concerning a client in alcohol/drug treatment, made to you with the consent of such client. This information has been disclosed to you from records protected by federal confidentiality rules (42 C.F.R. Part 2). The federal rules prohibit you from making any further disclosure of this information unless further disclosure is expressly permitted by the written consent of the person to whom it pertains or as otherwise permitted by 42 C.F.R. Part 2. A general authorization for the release of medical or other information is NOT sufficient for this purpose. The federal rules restrict any use of the information to criminally investigate or prosecute any substance abuse patient. [assessment_10]

Issuance Criteria:
yes(ALL)

URI:
http://ncsc.org/trustmarks/trustmark-definitions/consent-authorization/defective-consent-authorizations/1.0/

Description:
This Trust Interoperability Profile specifies requirements for creating a generic Policy.

References

Trustmark Definition Requirements

Trust Interoperability Profiles

Trust Expression:

TD_01 AND TD_02

URI:
http://ncsc.org/trustmarks/trustmark-definitions/consent-authorization/HIPAA-defective-consent-authorizations/1.0/

Description:
This Trustmark Definition defines requirements to determine if a consent authorization is not defective.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

HIPPA Defective Authorizations

Description: A consent authorization MUST NOT be defective.

Compound Authorizations

Description: A compound consent authorization MUST NOT be defective.

Prohibition on Conditioning of Authorizations

Description: A consent authorization MUST NOT violate requirements involving authorizations being used as a condition for other services.

Issuance Criteria:
(no(assessment_01) AND yes(assessment_02) AND no(assessment_03) AND no(assessment_04)) AND (!yes(assessment_05) OR yes(assessment_06) OR yes(assessment_07)) AND (!yes(assessment_09) OR yes(assessment_10 OR yes(assessment_11) OR yes(assessment_12))

URI:
http://ncsc.org/trustmarks/trustmark-definitions/consent-authorization/42-CFR-part-2-defective-consent-authorizations/1.0/

Description:
This Trustmark Definition defines requirements to determine if a consent authorization is not defective.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Description: A consent authorization MUST include the required elements.

Issuance Criteria:
no(ALL)

Glossary

Term Definition
Authorization The process of granting a person, computer process, or device with access to certain information, services, or functionality. Authorization is derived from the identity of the person, computer process, or device requesting access that is verified through authentication.
Disclosure The release, transfer, provision of access to, sharing, publication, or divulging of personal information in any manner—electronic, verbal, or in writing—to an individual, entity, or organization outside the entity that collected it. Disclosure is an aspect of privacy focusing on information which may be available only to certain people for certain purposes but which is not available to everyone.
HIPAA Health Insurance Portability and Accountability Act of 1996
PHI Protected Health Information