MAKE YOUR FREE HIPAA Authorization Form

In this case, it is not a matter of what is most OFTEN included, but rather what MUST be included. Releases can be concluded to not be compliant, if not made correctly, potentially causing problems for patients and medical providers. While you will want to ask a lawyer about the specifics of your HIPAA Release Form, you'll want to include at least the following,

• The name of the person or entity allowed to disclose medical information
• The name of the person or medical group who may receive the information
• A specific description of the information to be (or not to be) shared
• The reason the information it to be shared, or simply the statement “at the request of the individual'
• The dates the authorization is valid
• Statements about the patient's right to revoke the authorization
• Signatures and date of signing

More detailed information can also be included such as specific names of those allowed to receive medical information and exact details on what can be disclosed.

In most cases, your information can be shared with other providers to facilitate treatment or to payers (such as your health insurance company). If your medical provider asks you to sign a release, you'll want to carefully review the details of the authorization before you sign it. In most cases, you may notice some releases lean towards broader inclusions such as naming a whole company or group of people, rather than specific names. This helps the medical provider to more easily stay in compliance.

Protected health information is any information created or received by care providers, health plans, life insurance companies, public health authority, employer, educational institution or healthcare clearinghouse in any form including oral or electronic. This includes past, current and future physical or mental health and personally identifying information. As with most legal topics, there are exceptions. For example, you may consent to have research groups use your information, such as gender, age or demographics with the agreement that they do not reveal identifiable information such as birth date, contact information or biometric identifiers.

If you need to report that a covered entity violated your patient privacy by sharing health information you can file a complaint with the Office for Civil Rights (OCR). You can also file a complaint for your organization or another person. “Covered entities' include health plan providers, healthcare clearinghouses and health care providers (who conduct a portion of their business electronically using a HIPAA covered transaction).

Basically, consent is not required, and authorization is required. Consent is not required for sharing of information for treatment or payment per the HIPAA Privacy Rule. Authorization is needed to disclose information not allowed by the Privacy Rule. Authorization is required for sharing information with marketers or researchers. The HIPAA Privacy Rule is designed to protect medical information and other types of personal health information. It also gives patients the right to obtain copies of their own health information.

If you work as a health care provider and need to report an internal violation, most often your organization will have procedures for handling complaints. Usually an internal investigation is conducted first to determine if the reported violation is valid and required to be reported under the rules of the HIPAA Breach Notification Rule. Employees or care providers can also file complaints directly with the OCR. Notifications should be sent without delay, usually within 60 days.

While you can release specific information to an individual, in most cases you'll want to use a different type of form to provide ongoing legal rights. For example, you may want your babysitter to have rights to consent for care for your child or you want to make an Advance Directive to carry out your end-of-life wishes.

Here are some other related legal documents:

This document allows you to define your healthcare wishes should you become incapacitated. It can include what kind of care you consent to, such as limitations on long-term artificial life support. If you are a donor, it defines the restrictions on how you want your tissues or organs to be used.

This form can help you request your records from your providers if you are moving or changing providers.

This form allows you to provide temporary and limited consent to a care provider of your child. This authorization will help your child to receive the medical attention they need if you are not available.