HIPAA Authorization Form
HIPAA AUTHORIZATION FOR RELEASE OF PROTECTED HEALTH INFORMATION
AUTHORIZATION FOR USE AND/OR DISCLOSURE OF HEALTH INFORMATION
COVERED ENTITY INFORMATION
Organization Name: [________________________________]
Address: [________________________________]
City, State, ZIP: [________________________________]
Phone: [________________________________]
Fax: [________________________________]
SECTION 1: PATIENT INFORMATION
Patient Name: [________________________________]
Date of Birth: [__/__/____]
Address: [________________________________]
City, State, ZIP: [________________________________]
Phone: [________________________________]
Email: [________________________________]
Medical Record Number (if known): [________________________________]
Social Security Number (last 4 digits, optional): XXX-XX-[____]
SECTION 2: AUTHORIZATION DETAILS
2.1 Person/Entity Authorized to DISCLOSE Information
Name: [________________________________]
Organization (if applicable): [________________________________]
Address: [________________________________]
City, State, ZIP: [________________________________]
Phone: [________________________________]
Fax: [________________________________]
2.2 Person/Entity Authorized to RECEIVE Information
Name: [________________________________]
Organization (if applicable): [________________________________]
Address: [________________________________]
City, State, ZIP: [________________________________]
Phone: [________________________________]
Fax: [________________________________]
Email (if electronic delivery authorized): [________________________________]
SECTION 3: DESCRIPTION OF INFORMATION TO BE DISCLOSED
3.1 Specific Information Authorized for Release
I authorize the release of the following protected health information:
Date Range of Records: [__/__/____] to [__/__/____]
☐ Complete medical record
OR select specific record types:
☐ History and physical examination
☐ Consultation reports
☐ Progress notes/office visit notes
☐ Discharge summary
☐ Operative/procedure reports
☐ Laboratory results
☐ Radiology/imaging reports
☐ Pathology reports
☐ Emergency department records
☐ Nursing notes
☐ Medication list/prescription records
☐ Immunization records
☐ Billing records
☐ Insurance information
☐ Other: [________________________________]
3.2 Sensitive Information
IMPORTANT: Some categories of health information require specific authorization to release due to their sensitive nature. Please check all that apply:
☐ HIV/AIDS Information - I specifically authorize the release of information regarding HIV/AIDS testing, diagnosis, or treatment
☐ Mental Health/Psychiatric Information - I specifically authorize the release of mental health or psychiatric records (excluding psychotherapy notes unless separately authorized below)
☐ Substance Abuse/Drug and Alcohol Treatment Information - I specifically authorize the release of information regarding substance abuse treatment (Note: 42 CFR Part 2 may require a separate consent form for federally-assisted programs)
☐ Genetic Information - I specifically authorize the release of genetic testing information
☐ Sexual Health/Reproductive Health Information - I specifically authorize the release of information related to sexually transmitted infections, reproductive health, or family planning
☐ Psychotherapy Notes - I specifically authorize the release of psychotherapy notes (Note: This typically requires a separate authorization)
3.3 Format of Disclosure
☐ Paper copies
☐ Electronic copies (secure email or portal)
☐ Verbal disclosure (telephone)
☐ Fax (to secure fax number)
☐ Other: [________________________________]
SECTION 4: PURPOSE OF DISCLOSURE
4.1 Purpose
The purpose of this authorization is: (check all that apply)
☐ At my request (no reason required)
☐ Continued medical care/treatment
☐ Insurance purposes
☐ Legal proceedings
☐ Disability determination
☐ Employment purposes
☐ School/educational purposes
☐ Personal records
☐ Other: [________________________________]
SECTION 5: EXPIRATION
5.1 Expiration Date or Event
This authorization shall expire on: (check one)
☐ Specific date: [__/__/____]
☐ Upon the following event: [________________________________]
☐ One (1) year from the date of signature
Note: If no expiration date or event is specified, this authorization will expire one (1) year from the date signed.
SECTION 6: REQUIRED STATEMENTS
6.1 Right to Revoke
I understand that I have the right to revoke this authorization at any time by submitting a written request to the organization listed in Section 2.1, except to the extent that action has already been taken in reliance on this authorization.
To revoke this authorization, I must submit a written request to:
[________________________________]
[________________________________]
[________________________________]
6.2 Ability to Condition Treatment, Payment, Enrollment, or Eligibility
I understand that:
☐ The covered entity WILL NOT condition treatment, payment, enrollment, or eligibility for benefits on whether I sign this authorization.
OR
☐ The covered entity MAY condition the following on my signing this authorization, and the consequences of refusing to sign are described below:
Condition: [________________________________]
Consequence of refusal: [________________________________]
6.3 Potential for Re-disclosure
I understand that once my health information is disclosed pursuant to this authorization, it may be subject to re-disclosure by the recipient and may no longer be protected by federal privacy regulations (HIPAA).
6.4 Right to Receive a Copy
I understand that I am entitled to receive a copy of this authorization after I sign it.
6.5 Fees
I understand that reasonable fees may be charged for copying and mailing my records in accordance with applicable law.
SECTION 7: SPECIAL AUTHORIZATIONS
7.1 Marketing Authorization (if applicable)
☐ I authorize the covered entity to use or disclose my protected health information for marketing purposes.
☐ I understand that the covered entity will receive / will not receive direct or indirect remuneration (payment) from a third party in connection with this marketing communication.
7.2 Sale of PHI (if applicable)
☐ I authorize the disclosure of my protected health information for which the covered entity will receive remuneration. I understand this constitutes a sale of my PHI.
SECTION 8: SIGNATURE
8.1 Patient/Personal Representative Signature
By signing below, I acknowledge that:
- I have read and understand this authorization
- I authorize the use and/or disclosure described above
- I have received a copy of this authorization
- All items have been completed to my satisfaction before signing
Signature: [________________________________]
Printed Name: [________________________________]
Date: [__/__/____]
8.2 Personal Representative (if signing on behalf of patient)
If this authorization is signed by a personal representative on behalf of the patient:
Representative Name: [________________________________]
Relationship to Patient: [________________________________]
Description of Authority to Act for Patient:
(e.g., parent of minor, legal guardian, healthcare power of attorney, executor of estate)
[________________________________]
[________________________________]
Signature of Representative: [________________________________]
Date: [__/__/____]
Attach documentation of authority (e.g., power of attorney, guardianship papers, birth certificate for minor child)
SECTION 9: WITNESS (if required by state law or organizational policy)
Witness Signature: [________________________________]
Witness Printed Name: [________________________________]
Date: [__/__/____]
FOR OFFICE USE ONLY
Authorization Processing
Date Received: [__/__/____]
Received by: [________________________________]
Verification of Identity:
☐ Photo ID reviewed
☐ Knowledge-based verification
☐ Other: [________________________________]
Verification of Authority (if personal representative):
☐ Documentation of authority reviewed and on file
☐ Type of documentation: [________________________________]
Authorization Review:
☐ All required elements present
☐ Authorization is valid
☐ Not expired
☐ Not previously revoked
Action Taken:
☐ Records disclosed on: [__/__/____]
☐ Records disclosed to: [________________________________]
☐ Method of disclosure: [________________________________]
☐ Number of pages disclosed: [____]
Processed by: [________________________________]
Date Completed: [__/__/____]
REVOCATION OF AUTHORIZATION
If you wish to revoke this authorization, complete the section below and submit to the covered entity.
REVOCATION
I hereby revoke the authorization dated [__/__/____] for the release of my protected health information.
I understand that this revocation is not effective to the extent that action has already been taken in reliance on the original authorization.
Patient/Representative Signature: [________________________________]
Printed Name: [________________________________]
Date: [__/__/____]
FOR OFFICE USE:
Revocation Received: [__/__/____]
Received by: [________________________________]
Action Taken: [________________________________]
SOURCES AND REFERENCES
About This Template
Compliance documents are what regulated businesses use to prove they follow the rules that apply to their industry, whether that is privacy, anti-money-laundering, consumer protection, or sector-specific requirements. Regulators look for consistent policies, up-to-date records, and clear evidence of employee training. The cost of getting compliance paperwork right is almost always smaller than the cost of an enforcement action, fine, or public disclosure.
Important Notice
This template is provided for informational purposes. It is not legal advice. We recommend having an attorney review any legal document before signing, especially for high-value or complex matters.
Last updated: February 2026