Get our app
Account Sign up Sign in

Make your Free HIPAA Authorization Form

HIPAA Release Forms allow you to provide others access to your protected medical records, most often to other doctors or care providers. However, this form can also be used to release your medical... Read more

Make document
Sample HIPAA Authorization Form Template
How It Works About Document Related Documents

How It Works

Create your document

Create your document

Answer a few simple questions to make your document in minutes

Save, print & share

Save, print & share

Save progress and finish on any device; download & print anytime

Sign & make it legal

Sign & make it legal

Securely sign online and invite others to sign

Making a HIPAA Authorization Form

  • What is a HIPAA Authorization Form?

    HIPAA Release Forms allow you to provide others access to your protected medical records, most often to other doctors or care providers. However, this form can also be used to release your medical information to a specific person.

    Use the HIPAA Authorization Form document if:

    • You want your medical information to be released from one care provider to another.
    • You want to control what medical information is to be shared.
    • You want to limit how long a certain party can access specific medical information.
    • You need to provide this document to your patients or medical clients.

    Other names for this document:

    HIPAA Privacy Authorization Form, Health Insurance Portability and Accountability Act Authorization, HIPAA Release Form, Medical Records Release Form

  • What is included in a HIPAA Authorization form?

    In this case, it is not a matter of what is most OFTEN included, but rather what MUST be included. Releases can be concluded to not be compliant, if not made correctly, potentially causing problems for patients and medical providers. While you will want to ask a lawyer about the specifics of your HIPAA Release Form, you'll want to include at least the following,

    • The name of the person or entity allowed to disclose medical information
    • The name of the person or medical group who may receive the information
    • A specific description of the information to be (or not to be) shared
    • The reason the information it to be shared, or simply the statement “at the request of the individual”
    • The dates the authorization is valid
    • Statements about the patient's right to revoke the authorization
    • Signatures and date of signing

    More detailed information can also be included such as specific names of those allowed to receive medical information and exact details on what can be disclosed.

  • When can a doctor disclose my medical information?

    In most cases, your information can be shared with other providers to facilitate treatment or to payers (such as your health insurance company). If your medical provider asks you to sign a release, you'll want to carefully review the details of the authorization before you sign it. In most cases, you may notice some releases lean towards broader inclusions such as naming a whole company or group of people, rather than specific names. This helps the medical provider to more easily stay in compliance.

  • What is considered protected health information?

    Protected health information is any information created or received by care providers, health plans, life insurance companies, public health authority, employer, educational institution or healthcare clearinghouse in any form including oral or electronic. This includes past, current and future physical or mental health and personally identifying information. As with most legal topics, there are exceptions. For example, you may consent to have research groups use your information, such as gender, age or demographics with the agreement that they do not reveal identifiable information such as birth date, contact information or biometric identifiers.

    How to report a HIPAA violation

    If you need to report that a covered entity violated your patient privacy by sharing health information you can file a complaint with the Office for Civil Rights (OCR). You can also file a complaint for your organization or another person. “Covered entities” include health plan providers, healthcare clearinghouses and health care providers (who conduct a portion of their business electronically using a HIPAA covered transaction).

  • What is the difference between consent and authorization?

    Basically, consent is not required, and authorization is required. Consent is not required for sharing of information for treatment or payment per the HIPAA Privacy Rule. Authorization is needed to disclose information not allowed by the Privacy Rule. Authorization is required for sharing information with marketers or researchers. The HIPAA Privacy Rule is designed to protect medical information and other types of personal health information. It also gives patients the right to obtain copies of their own health information.

    If you work as a health care provider and need to report an internal violation, most often your organization will have procedures for handling complaints. Usually an internal investigation is conducted first to determine if the reported violation is valid and required to be reported under the rules of the HIPAA Breach Notification Rule. Employees or care providers can also file complaints directly with the OCR. Notifications should be sent without delay, usually within 60 days.

  • What if I want to provide a family member or friend access to my health information?

    While you can release specific information to an individual, in most cases you'll want to use a different type of form to provide ongoing legal rights. For example, you may want your babysitter to have rights to consent for care for your child or you want to make an Advance Directive to carry out your end-of-life wishes.

    Here are some other related legal documents:

    Advance Directive

    This document allows you to define your healthcare wishes should you become incapacitated. It can include what kind of care you consent to, such as limitations on long-term artificial life support. If you are a donor, it defines the restrictions on how you want your tissues or organs to be used.

    Medical Records Request

    This form can help you request your records from your providers if you are moving or changing providers.

    Medical Authorization for Minors

    This form allows you to provide temporary and limited consent to a care provider of your child. This authorization will help your child to receive the medical attention they need if you are not available.

Related documents

Ask a lawyer

Our On Call attorneys are here for you.
Characters remaining: 600
Rocket Lawyer On Call® Attorneys


Easy legal documents at your fingertips

Answer a few simple questions to make your document in minutes

Easily customizable
Make unlimited revisions and copies. Sign online. Share and print anytime.
Legal and reliable
Our documents are vetted by lawyers and legal staff, so you can use them with confidence.
Added protection with Document Defense®
If there's a dispute, an On Call attorney can respond on your behalf. Included in your Premium plan.
Try Rocket Lawyer free for 7 days
Make your Premium document today and get back to doing what you love.

Looking for something else?