Certified in Healthcare Privacy and Security (CHPS) Practice

The document that allows a covered entity to use or disclose protected health information with an authorization is the research authorization form. This form is specifically designed for situations where the use or disclosure of protected health information (PHI) is necessary for research purposes. It requires individuals to provide explicit consent, ensuring that they are fully informed about how their PHI will be used and shared in the context of the research.

Research authorization forms are crucial in maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) regulations, which mandate that individuals have the right to control their personal health information. The authorization must detail the information to be disclosed, the purpose of the disclosure, to whom it will be released, and the duration of the authorization.

While the data use agreement and waiver from the Institutional Review Board (IRB) serve important roles in research ethics and data sharing, they do not specifically offer the level of consent provided by a research authorization form for the use or disclosure of PHI. An annual report does not pertain to the authorization for PHI use or disclosure. Therefore, the correct choice aligns with the requirements for obtaining consent under HIPAA for research involving PHI.