May a covered entity disclose protected health information specified in an authorization, even if that information was created after the authorization was signed?

Answer:

Yes, provided that the Authorization encompasses the category of information that was later created, and that the Authorization has not expired or been revoked by the individual. Unless otherwise expressly limited by the Authorization, a covered entity may use or disclose the protected health information identified on the Authorization regardless of when the information was created.

Created 9/24/03