HIPAA AUTHORIZATION FOR RELEASE OF PROTECTED HEALTH INFORMATION

AUTHORIZATION FOR USE AND/OR DISCLOSURE OF HEALTH INFORMATION

COVERED ENTITY INFORMATION

Organization Name: [________________________________]

Address: [________________________________]

City, State, ZIP: [________________________________]

Phone: [________________________________]

Fax: [________________________________]

SECTION 1: PATIENT INFORMATION

Patient Name: [________________________________]

Date of Birth: [__/__/____]

Address: [________________________________]

City, State, ZIP: [________________________________]

Phone: [________________________________]

Email: [________________________________]

Medical Record Number (if known): [________________________________]

Social Security Number (last 4 digits, optional): XXX-XX-[____]

SECTION 2: AUTHORIZATION DETAILS

2.1 Person/Entity Authorized to DISCLOSE Information

Name: [________________________________]

Organization (if applicable): [________________________________]

Address: [________________________________]

City, State, ZIP: [________________________________]

Phone: [________________________________]

Fax: [________________________________]

2.2 Person/Entity Authorized to RECEIVE Information

Name: [________________________________]

Organization (if applicable): [________________________________]

Address: [________________________________]

City, State, ZIP: [________________________________]

Phone: [________________________________]

Fax: [________________________________]

Email (if electronic delivery authorized): [________________________________]

SECTION 3: DESCRIPTION OF INFORMATION TO BE DISCLOSED

3.1 Specific Information Authorized for Release

I authorize the release of the following protected health information:

Date Range of Records: [__/__/____] to [__/__/____]

☐ Complete medical record

OR select specific record types:

☐ History and physical examination
☐ Consultation reports
☐ Progress notes/office visit notes
☐ Discharge summary
☐ Operative/procedure reports
☐ Laboratory results
☐ Radiology/imaging reports
☐ Pathology reports
☐ Emergency department records
☐ Nursing notes
☐ Medication list/prescription records
☐ Immunization records
☐ Billing records
☐ Insurance information
☐ Other: [________________________________]

3.2 Sensitive Information

IMPORTANT: Some categories of health information require specific authorization to release due to their sensitive nature. Please check all that apply:

☐ HIV/AIDS Information - I specifically authorize the release of information regarding HIV/AIDS testing, diagnosis, or treatment

☐ Mental Health/Psychiatric Information - I specifically authorize the release of mental health or psychiatric records (excluding psychotherapy notes unless separately authorized below)

☐ Substance Abuse/Drug and Alcohol Treatment Information - I specifically authorize the release of information regarding substance abuse treatment (Note: 42 CFR Part 2 may require a separate consent form for federally-assisted programs)

☐ Genetic Information - I specifically authorize the release of genetic testing information

☐ Sexual Health/Reproductive Health Information - I specifically authorize the release of information related to sexually transmitted infections, reproductive health, or family planning

☐ Psychotherapy Notes - I specifically authorize the release of psychotherapy notes (Note: This typically requires a separate authorization)

3.3 Format of Disclosure

☐ Paper copies
☐ Electronic copies (secure email or portal)
☐ Verbal disclosure (telephone)
☐ Fax (to secure fax number)
☐ Other: [________________________________]

SECTION 4: PURPOSE OF DISCLOSURE

4.1 Purpose

The purpose of this authorization is: (check all that apply)

☐ At my request (no reason required)
☐ Continued medical care/treatment
☐ Insurance purposes
☐ Legal proceedings
☐ Disability determination
☐ Employment purposes
☐ School/educational purposes
☐ Personal records
☐ Other: [________________________________]

SECTION 5: EXPIRATION

5.1 Expiration Date or Event

This authorization shall expire on: (check one)

☐ Specific date: [__/__/____]

☐ Upon the following event: [________________________________]

☐ One (1) year from the date of signature

Note: If no expiration date or event is specified, this authorization will expire one (1) year from the date signed.

SECTION 6: REQUIRED STATEMENTS

6.1 Right to Revoke

I understand that I have the right to revoke this authorization at any time by submitting a written request to the organization listed in Section 2.1, except to the extent that action has already been taken in reliance on this authorization.

To revoke this authorization, I must submit a written request to:

[________________________________]

[________________________________]

[________________________________]

6.2 Ability to Condition Treatment, Payment, Enrollment, or Eligibility

I understand that:

☐ The covered entity WILL NOT condition treatment, payment, enrollment, or eligibility for benefits on whether I sign this authorization.

OR

☐ The covered entity MAY condition the following on my signing this authorization, and the consequences of refusing to sign are described below:

Condition: [________________________________]

Consequence of refusal: [________________________________]

6.3 Potential for Re-disclosure

I understand that once my health information is disclosed pursuant to this authorization, it may be subject to re-disclosure by the recipient and may no longer be protected by federal privacy regulations (HIPAA).

6.4 Right to Receive a Copy

I understand that I am entitled to receive a copy of this authorization after I sign it.

6.5 Fees

I understand that reasonable fees may be charged for copying and mailing my records in accordance with applicable law.

SECTION 7: SPECIAL AUTHORIZATIONS

7.1 Marketing Authorization (if applicable)

☐ I authorize the covered entity to use or disclose my protected health information for marketing purposes.

☐ I understand that the covered entity will receive / will not receive direct or indirect remuneration (payment) from a third party in connection with this marketing communication.

7.2 Sale of PHI (if applicable)

☐ I authorize the disclosure of my protected health information for which the covered entity will receive remuneration. I understand this constitutes a sale of my PHI.

SECTION 8: SIGNATURE

8.1 Patient/Personal Representative Signature

By signing below, I acknowledge that:

• I have read and understand this authorization
• I authorize the use and/or disclosure described above
• I have received a copy of this authorization
• All items have been completed to my satisfaction before signing

Signature: [________________________________]

Printed Name: [________________________________]

Date: [__/__/____]

8.2 Personal Representative (if signing on behalf of patient)

If this authorization is signed by a personal representative on behalf of the patient:

Representative Name: [________________________________]

Relationship to Patient: [________________________________]

Description of Authority to Act for Patient:
(e.g., parent of minor, legal guardian, healthcare power of attorney, executor of estate)

[________________________________]

[________________________________]

Signature of Representative: [________________________________]

Date: [__/__/____]

Attach documentation of authority (e.g., power of attorney, guardianship papers, birth certificate for minor child)

SECTION 9: WITNESS (if required by state law or organizational policy)

Witness Signature: [________________________________]

Witness Printed Name: [________________________________]

Date: [__/__/____]

FOR OFFICE USE ONLY

Authorization Processing

Date Received: [__/__/____]

Received by: [________________________________]

Verification of Identity:
☐ Photo ID reviewed
☐ Knowledge-based verification
☐ Other: [________________________________]

Verification of Authority (if personal representative):
☐ Documentation of authority reviewed and on file
☐ Type of documentation: [________________________________]

Authorization Review:
☐ All required elements present
☐ Authorization is valid
☐ Not expired
☐ Not previously revoked

Action Taken:
☐ Records disclosed on: [__/__/____]
☐ Records disclosed to: [________________________________]
☐ Method of disclosure: [________________________________]
☐ Number of pages disclosed: [____]

Processed by: [________________________________]

Date Completed: [__/__/____]

REVOCATION OF AUTHORIZATION

If you wish to revoke this authorization, complete the section below and submit to the covered entity.

REVOCATION

I hereby revoke the authorization dated [__/__/____] for the release of my protected health information.

I understand that this revocation is not effective to the extent that action has already been taken in reliance on the original authorization.

Patient/Representative Signature: [________________________________]

Printed Name: [________________________________]

Date: [__/__/____]

FOR OFFICE USE:

Revocation Received: [__/__/____]

Received by: [________________________________]

Action Taken: [________________________________]

SOURCES AND REFERENCES

• 45 CFR § 164.508 - Authorization Requirements
• eCFR 45 CFR 164.508
• HHS Authorizations FAQ
• Required Elements of a HIPAA Authorization Form