This consent order concerns violations by Swift Jet, Inc., (Swift Jet) of 14 CFR 212.9 (b), the Department's prior
authorization requirement rule for foreign air carriers.
Not exact matches
In addition to any other
requirements or restrictions set forth in this Agreement, you shall not: (i) utilize the credit available on any Card to provide cash advances to Cardholders, (ii) submit any card transaction for processing that does not arise from your sale of goods or service to a buyer customer, (iii) act as a payment intermediary or aggregator or otherwise resell our services on behalf of any third party, (iv) send what you believe to be potentially fraudulent
authorizations or fraudulent card transaction, or (v) use your Merchant Account or the Service in a manner that Visa, MasterCard, American Express, Discover or any other Payment Network reasonably believes to be an abuse of the Payment Network or a violation of Payment Network
rules.
In addition, the final
rule allows a covered health care provider or health plan to use or disclose protected health information pursuant to an
authorization that was approved by a single IRB or privacy board, provided the
authorization met the
requirements of § 164.508.
Response: We agree with this concern and clarify that covered entities are permitted to use protected health information in this manner without
authorization as part of the management activities relating to implementation of and compliance with the
requirements of this
rule.
We discuss the examples here, however, to clarify the interaction of the
authorization requirements and the provisions of the
rule that permit uses and disclosures without
authorization and / or with consent.
We want to be clear, however, that covered entities will be in compliance with this
rule if they use or disclose protected health information pursuant to an
authorization that meets the
requirements of § 164.508.
In order to make uses and disclosures that are not covered by the consent
requirements and not otherwise permitted or required under the final
rule, covered entities must obtain the individual's «
authorization.»
The final
rule makes the following modifications to the NPRM's proposed documentation
requirements for the waiver of individual
authorization:
Response: We retain the
requirement for covered entities to obtain
authorization for all uses and disclosures of protected health information that are not otherwise permitted or required under the
rule without
authorization.
Comment: Some commenters complained that the absence of a definition for disease management created uncertainty, in view of the proposed
rule's
requirement to get
authorization for marketing.
Other commenters complained that the absence of a definition for disease management created uncertainty in view of the proposed
rule's
requirement to get
authorization for marketing.
One contract specifies that the issuer may use and disclose protected health information about the participants in the group health plan for research purposes without
authorization (subject to the
requirements of this
rule) and one contract specifies that the issuer must always obtain
authorizations for these uses and disclosures.
However, a covered entity will need to obtain an
authorization that meets the
requirements of § 164.508, to the extent that it is required to obtain an
authorization under this
rule, from an individual before it may use or disclose any protected health information it creates or receives after the date by which it must comply with this
rule.
The final
rule retains these
requirements for research conducted with
authorization, as required by § 164.508.
Response: We agree with the comment supporting the proposed
rule's provision to impose no
requirements for the location or sponsorship of the IRB or privacy board that was convened to review a research proposal for the alteration or waiver of
authorization criteria.
The board that would determine whether the research protocol met the eight specified criteria for waiving the patient
authorization requirements (described above), could have been an IRB constituted as required by the Common
Rule, or a privacy board, whose proposed composition is described below.
In some cases, our
rules may demand additional
requirements, such as obtaining the approval of a privacy board or Institutional Review Board if a covered entity seeks to disclose protected health information for research purposes without the individual's
authorization.
Response: For the reasons explained above, we retain in the final
rule a
requirement that a separate
authorization must be obtained for most uses or disclosures of psychotherapy notes, including those for treatment, payment, and health care operations.
Another commenter recommended that the
authorization requirement for disclosure of financial gain be defined in accordance with FDA's financial disclosure
rules.
Response: Because of the myriad of types of forms that could meet these
requirements and the desire to encourage covered entities to develop forms that meet their specific needs, we do not include a model
authorization form in the final
rule.
We believe that the research
authorization requirements of § 164.508 (f) complement the Common
Rule's
requirement for informed consent.
While the privacy
rules have
requirements that are somewhat different, the program may use notice and
authorization forms that include all the elements required by both regulations.
Comment: In addition to the proposed waiver criteria, several commenters recommended that the final
rule also instruct IRBs and privacy boards to consider the type of protected health information and the sensitivity of the information to be disclosed in determining whether to grant a waiver, in whole or in part, of the
authorization requirements.
The
requirement also did not apply to uses and disclosures made: pursuant to the compliance and enforcement provisions of the
rule; as required by law and permitted by the regulation without individual
authorization; by a covered health care provider to a health plan, when the information was requested for audit and related purposes.
Some of the proposed
requirements for
authorization were modified in the final
rule as discussed in the preamble on § 164.508.
In the final
rule, we permit a covered entity to rely upon such consent,
authorization, or permission to use or disclose protected health information that it created or received before the applicable compliance date of the regulation to carry out the treatment, payment, or health care operations as long as it meets two
requirements.
The final Security
Rule will detail the system and administrative
requirements that a covered entity must meet in order to assure itself and the Secretary that health information is safe from destruction and tampering from people without
authorization for its access.
As under the proposed
rule, we permit covered entities to use or disclose protected health information without the individual's consent,
authorization or agreement for specified Start Printed Page 82499public policy purposes, in compliance with the
requirements in § 164.512.
Clearinghouses acting as business associates are not subject to the other
requirements of this
rule, which include the provisions relating to procedural
requirements,
requirements for obtaining consent, individual
authorization or agreement, provision of a notice, individual rights to request privacy protection, access and amend information and receive an accounting of disclosures and the administrative
requirements.
Our intent is to clarify that a covered entity that uses or discloses protected health information pursuant to an
authorization meeting the applicable
requirements will be in compliance with this
rule.
Section 1001.354 of the Texas Education Code contains the basic
authorization for an alternative delivery method (ADM) of a driving safety course, and the
requirements that are applicable to all driving safety courses (including ADMs) are in TDLR's
rules in Title 16 of the Texas Administrative Code Chapter 84.
Consequently, because statutes and
rules in each state provide a scope of practice for CNAs and medication aides or assistants, and establish the educational and examinational
requirements for these personnel, medical assistants will be given
authorization to work clinically in these inpatient environments only if they meet the legal
requirements and actually become nursing assistants or medication aides.