Which of the following describes a proper written authorization for PHI disclosure?

A proper written authorization for the disclosure of protected health information (PHI) must include all elements outlined in the Health Insurance Portability and Accountability Act (HIPAA). These elements ensure that patients are fully informed about what information will be disclosed, to whom it will be disclosed, the purpose of the disclosure, and the patient's right to revoke authorization at any time.

HIPAA specifies that an authorization form must contain specific components, including the patient's name, a description of the information being disclosed, the purpose of the disclosure, an expiration date, and the signature of the individual granting authorization. This level of detail is important for protecting patient privacy and ensuring compliance with federal regulations governing healthcare information.

The other options do not fulfill the necessary criteria for a proper authorization. A verbal agreement documented by staff lacks the necessary written consent, an authorization signed by a non-relative does not assure the patient's consent, and approval from the healthcare provider alone does not meet the requirement for patient authorization. Proper authorization is fundamentally about securing consent from the patient themselves, hence the importance of including all required elements in the written form.