Make your Free
HIPAA Authorization Form

  • Answer simple questions to make your document
  • Sign & share your document online
  • Save progress and finish on any device; download & print at home

How it works

  • Build your
    document
  • Save, print
    & share
  • Sign it &
    Make it legal
Sample HIPAA Authorization Form Form Template
How it Works
Build your Document
Save, Print & Share
Sign it & make it legal

HIPAA Authorization Form basics

HIPPA Release Forms allow you to provide others access to your protected medical records—most often to other doctors or care providers. However, this form can also be used to release your medical information to a specific person.


Use the HIPAA Authorization Form document if:

  • You want your medical information to be released from one care provider to another.
  • You want to control what medical information is to be shared.
  • You want to limit how long a certain party can access specific medical information.
  • You need to provide this document to your patients or medical clients.


Other names for this document:


HIPAA Privacy Authorization Form, Health Insurance Portability and Accountability Act Authorization, HIPAA Release Form, Medical Records Release Form


What is included in a HIPAA Authorization form?


In this case, it is not a matter of what is most OFTEN included, but rather what MUST be included. Releases can be concluded to not be compliant, if not made correctly, potentially causing problems for patients and medical providers. While you will want to ask a lawyer about the specifics of your HIPAA Release Form, you'll want to include at least the following,

  • The name of the person or entity allowed to disclose medical information
  • The name of the person or medical group who may receive the information
  • A specific description of the information to be (or not to be) shared
  • The reason the information it to be shared, or simply the statement “at the request of the individual”
  • The dates the authorization is valid
  • Statements about the patient's right to revoke the authorization
  • Signatures and date of signing

More detailed information can also be included such as specific names of those allowed to receive medical information and exact details on what can be disclosed.


When can a doctor disclose my medical information?


In most cases, your information can be shared with other providers to facilitate treatment or to payers (such as your health insurance company). If your medical provider asks you to sign a release, you'll want to carefully review the details of the authorization before you sign it. In most cases, you may notice some releases lean towards broader inclusions such as naming a whole company or group of people, rather than specific names. This helps the medical provider to more easily stay in compliance.


What is considered protected health information?


Protected health information is any information created or received by care providers, health plans, life insurance companies, public health authority, employer, educational institution or healthcare clearinghouse in any form including oral or electronic. This includes past, current and future physical or mental health and personally identifying information. As with most legal topics, there are exceptions. For example, you may consent to have research groups use your information, such as gender, age or demographics with the agreement that they do not reveal identifiable information such as birth date, contact information or biometric identifiers.


How to report a HIPAA violation


If you need to report that a covered entity violated your patient privacy by sharing health information you can file a complaint with the Office for Civil Rights (OCR). You can also file a complaint for your organization or another person. “Covered entities” include health plan providers, healthcare clearinghouses and health care providers (who conduct a portion of their business electronically using a HIPAA covered transaction).


What is the difference between consent and authorization?


Basically, consent is not required, and authorization is required. Consent is not required for sharing of information for treatment or payment per the HIPAA Privacy Rule. Authorization is needed to disclose information not allowed by the Privacy Rule. Authorization is required for sharing information with marketers or researchers. The HIPAA Privacy Rule is designed to protect medical information and other types of personal health information. It also gives patients the right to obtain copies of their own health information.

If you work as a health care provider and need to report an internal violation, most often your organization will have procedures for handling complaints. Usually an internal investigation is conducted first to determine if the reported violation is valid and required to be reported under the rules of the HIPAA Breach Notification Rule. Employees or care providers can also file complaints directly with the OCR. Notifications should be sent without delay, usually within 60 days.


What if I want to provide a family member or friend access to my health information?


While you can release specific information to an individual, in most cases you'll want to use a different type of form to provide ongoing legal rights. For example, you may want your babysitter to have rights to consent for care for your child or you want to make an Advance Directive to carry out your end-of-life wishes.

Here are some other related legal documents:

Advance Directive

This document allows you to define your healthcare wishes should you become incapacitated. It can include what kind of care you consent to, such as limitations on long-term artificial life support. If you are a donor, it defines the restrictions on how you want your tissues or organs to be used.

Medical Records Request

This form can help you request your records from your providers if you are moving or changing providers.

Medical Authorization for Minors

This form allows you to provide temporary and limited consent to a care provider of your child. This authorization will help your child to receive the medical attention they need if you are not available.


Sample HIPAA Authorization Form

More than just a template, our step-by-step interview process makes it easy to create a HIPAA Authorization Form.

Save, sign, print, and download your document when you are done.

Get legal advice

From Rocket Lawyer On Call® attorneys.

Characters remaining: 600

CUSTOMERS LOVE US

rocket lawyer 5 star rating

Kasia M.

"Rocket Lawyer is a helpful tool for professionals who need legal documents at an affordable price."

HIPAA Authorization Form basics


Other names for this document:


HIPAA Privacy Authorization Form, Health Insurance Portability and Accountability Act Authorization, HIPAA Release Form, Medical Records Release Form


What is included in a HIPAA Authorization form?


In this case, it is not a matter of what is most OFTEN included, but rather what MUST be included. Releases can be concluded to not be compliant, if not made correctly, potentially causing problems for patients and medical providers. While you will want to ask a lawyer about the specifics of your HIPAA Release Form, you'll want to include at least the following,

  • The name of the person or entity allowed to disclose medical information
  • The name of the person or medical group who may receive the information
  • A specific description of the information to be (or not to be) shared
  • The reason the information it to be shared, or simply the statement “at the request of the individual”
  • The dates the authorization is valid
  • Statements about the patient's right to revoke the authorization
  • Signatures and date of signing

More detailed information can also be included such as specific names of those allowed to receive medical information and exact details on what can be disclosed.


When can a doctor disclose my medical information?


In most cases, your information can be shared with other providers to facilitate treatment or to payers (such as your health insurance company). If your medical provider asks you to sign a release, you'll want to carefully review the details of the authorization before you sign it. In most cases, you may notice some releases lean towards broader inclusions such as naming a whole company or group of people, rather than specific names. This helps the medical provider to more easily stay in compliance.


What is considered protected health information?


Protected health information is any information created or received by care providers, health plans, life insurance companies, public health authority, employer, educational institution or healthcare clearinghouse in any form including oral or electronic. This includes past, current and future physical or mental health and personally identifying information. As with most legal topics, there are exceptions. For example, you may consent to have research groups use your information, such as gender, age or demographics with the agreement that they do not reveal identifiable information such as birth date, contact information or biometric identifiers.


How to report a HIPAA violation


If you need to report that a covered entity violated your patient privacy by sharing health information you can file a complaint with the Office for Civil Rights (OCR). You can also file a complaint for your organization or another person. “Covered entities” include health plan providers, healthcare clearinghouses and health care providers (who conduct a portion of their business electronically using a HIPAA covered transaction).


What is the difference between consent and authorization?


Basically, consent is not required, and authorization is required. Consent is not required for sharing of information for treatment or payment per the HIPAA Privacy Rule. Authorization is needed to disclose information not allowed by the Privacy Rule. Authorization is required for sharing information with marketers or researchers. The HIPAA Privacy Rule is designed to protect medical information and other types of personal health information. It also gives patients the right to obtain copies of their own health information.

If you work as a health care provider and need to report an internal violation, most often your organization will have procedures for handling complaints. Usually an internal investigation is conducted first to determine if the reported violation is valid and required to be reported under the rules of the HIPAA Breach Notification Rule. Employees or care providers can also file complaints directly with the OCR. Notifications should be sent without delay, usually within 60 days.


What if I want to provide a family member or friend access to my health information?


While you can release specific information to an individual, in most cases you'll want to use a different type of form to provide ongoing legal rights. For example, you may want your babysitter to have rights to consent for care for your child or you want to make an Advance Directive to carry out your end-of-life wishes.

Here are some other related legal documents:

Advance Directive

This document allows you to define your healthcare wishes should you become incapacitated. It can include what kind of care you consent to, such as limitations on long-term artificial life support. If you are a donor, it defines the restrictions on how you want your tissues or organs to be used.

Medical Records Request

This form can help you request your records from your providers if you are moving or changing providers.

Medical Authorization for Minors

This form allows you to provide temporary and limited consent to a care provider of your child. This authorization will help your child to receive the medical attention they need if you are not available.

Use the HIPAA Authorization Form document if:
  • You want your medical information to be released from one care provider to another.
  • You want to control what medical information is to be shared.
  • You want to limit how long a certain party can access specific medical information.
  • You need to provide this document to your patients or medical clients.
Read {{ showMore ? 'Less' : 'More' }}

Ready to make your Free HIPAA Authorization Form?

Your document is free within your one week membership trial.

Meet ALL your legal needs with a Rocket Lawyer membership.
Document Defense®
Have an attorney ready to defend your document
Document Review
Review up to 6 documents a year with an attorney
Ask a Lawyer
Get 2 Q&A sessions with an attorney every month
1-on-1 Legal Advice
Enjoy 30-minute consultations  on each new legal matter
Exclusive Discounts
Save on additional legal services from our nationwide network of lawyers
Unlimited Documents
Access hundreds of legal documents, plus extra features like electronic signatures