California Offers HIE Guidance Tool for Patient Authorization

The State of California Office of Health Information Integrity (COHII) has created a preliminary guidance tool to help providers in a Health Information Exchange determine when they need to obtain a patient’s authorization to exchange medical information with another healthcare organization--both electronically and via paper—for treatment purposes.

The agency, along with other industry stakeholders, developed the eHealth Patient Authorization Guidance Tool through interpreting the various provisions of the California Medical Information Act and the federal HIPAA patient privacy laws. The tool is set up in a decision-tree format, where providers answer a series of yes or no questions before it gives them a response of whether they need to obtain patient authorization to exchange the information.

While the COHII maintains the draft tool is not comprehensive, it does include responses for various specific healthcare situations, such as if the patient was involved with alcohol or drug abuse, if they received an HIV test, if psychotherapy notes are involved and whether the patient was voluntarily or involuntarily treated. The tool also offers information on why authorization must be obtained in such situations. Further, it also lists references for additional information on how to determine if the authorization is needed, how to obtain it, who can provide it and the minimum amount of information that is necessary.

A copy of the draft tool is available on the COHII website,, under the privacy & security tab. COHII has issued a 60-day public comment period on the tool, which will end June 28. It is soliciting specific feedback, such as how useful the tool is, a confirmation that all applicable laws have been interpreted appropriately, other areas of authorization providers might want addressed in future tools, the clarity of its supporting materials and end-user usability. Comments may be sent to Rupinder Colby at