Exhibit A:
Authorization Requirements

This exhibit was las updated on June 3, 2024.

Any Authorized Request received by Customer must contain the following elements and any other items required by law, otherwise the Authorization will be considered defective, and Customer will not request data pursuant to such Authorization.  
  1. A description of the information to be used or disclosed that identifies the information in a specific and meaningful fashion;
  2. The name or other specific identification of the person(s) or class of persons authorized to make the requested use or disclosure;
  3. The name or other specific identification of the person(s) or class of persons to whom the covered entity may make the requested use or disclosure;
  4. A description of each purpose of the requested use or disclosure;
  5. An expiration date or event that relates to the individual or the purpose of the use or disclosure;
  6. Signature of the individual and date and, if signed by a personal representative of the individual, a description of such representative's authority to act for the individual;
  7. A statement that the individual may revoke the authorization, in writing, the exceptions to the right to revoke, and a description of how the individual may revoke the authorization;
  8. A statement whether information disclosed pursuant to the authorization is subject to re‐disclosure by the recipient and no longer protected by the federal privacy regulations;
  9. A statement regarding the ability or inability to condition treatment, payment, enrollment or eligibility for benefits on the authorization consistent with 45 CFR §164.508(c)(2)(ii).
  10. If AIDS Virus (HIV) Antibody/Antigen testing is to be included in the Authorization, a specific reference to AIDS Virus (HIV) Antibody/Antigen testing is required.