Fillable Form HIPAA Release Form

What is a HIPAA Release Form?

A HIPAA Release Form is a legal and medical document that is used to authorize a person or organization to release a patient’s medical information. Said person or organization is often the hospital or clinic that holds said medical information in the first place.

The release form requires that the patient (or their representative, if they themselves are unavailable) set the limits to the information to be shared, the extent to which it can be used, and state how long the authorization to share such information will last.

How do I fill out a HIPAA Release Form?

HIPAA Release Forms require information that will help to certify what information may be shared, up to what extent the information can be shared, whose information is being shared, and so on. Make sure that all information entered is accurate in order to avoid any issues.

Section I

Name of Patient

Enter the name of the patient who is giving their permission for their medical information to be released.

Name of Person/Entity Using Information

Enter the name of the person or entity that will be making use of the information (sharing it to other parties, using it for their own purposes, et cetera.)

Section II - Health Information

Tick any of the following boxes that apply to how much or what part(s) of the patient’s health record may be shared by the person or entity noted above. You may choose from the following:

• Disclose complete health record
• Disclose complete health record except (check the boxes corresponding to the parts of the patient’s health record the patient wishes to not be shared):
• Mental health records
• Communicable diseases up to and including HIV and AIDS
• Alcohol/drug use treatment records
• Genetic information
• Other (specify in the space provided)

Form of Disclosure

Tick the box that corresponds to how the information will be disclosed. You may choose one or both between “Electronic copy or access via a web-based portal” and “Hard copy”.

Section III - Reason for Disclosure

Enter the reason for why the patient’s medical information is being disclosed in the space provided.

Section IV - Who Can Receive My Health Information

Enter the Name, Organization, and residential or office address of the person or entity that the patient is authorizing that their medical information be shared with.

Section V - Duration of Authorization

Tick the box that corresponds to how long the patient’s authorization to allow their information to be disclosed will last. You may choose from the following:

• From-to (Enter the start and end dates of the authorization in the spaces provided.)
• All past, present, and future periods (Perpetual/Permanent until revoked)
• The date of the signature in Section VI until the following event (enter the event that will result in the authorization being revoked or ending in the space provided)

Revocation Request Address

Enter the Name, Organization, and Address information of the person or organization the patient may write a request to revoke their given authorization to in the spaces provided.

Section VI - Signature

Have the patient sign the form in the space provided, then enter the date that the form was signed as well as their full legal name.

If this form was filed by another person with legal authority to act on the patient’s behalf, have them enter their full legal name and then sign the form in the space provided. Then provide a brief description as to how that person has the legal authority to sign the form.

Frequently Asked Questions (FAQs)

What is the HIPAA Security Rule?

The HIPAA Security Rule requires covered entities to implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of a patient’s medical information.

Can I use a HIPAA Release form to get a copy of my own medical records?

Yes. In fact, filing a HIPAA Release form is often a requirement that must be fulfilled before a hospital can give you a copy of your records.

Does the person or entity I give the form to have to keep it on file?

Yes. Any person or entity that receives a HIPAA Release form must keep it on file for at least six years from the date of its creation or when it was last in effect (whichever is later). Depending on the state or even country, the retention requirements may be longer or shorter.

Who can see the HIPAA Release form?

Only the patient, the recipient, and any person or entity that requires the patient’s medical information may see the HIPAA Release form. The patient may, however, also choose to show the form to those they trust.

What do I do if my medical information is disclosed without my permission?

Contact the person or entity that disclosed your information without permission, then determine if you need to take legal action. If possible, try to get evidence of the disclosure, to serve as proof of your personal information being leaked without consent.

Are there exceptions that allow my medical information to be disclosed without my permission?

Yes. Some of the most common exceptions include:

• Treatment, payment, and healthcare operations
• Public health activities
• Research
• Law enforcement
• Emergencies
• De-identified information

How much of my medical information can be disclosed without my permission in the above circumstances?

Only the minimum necessary amount of information may be shared without the patient’s permission.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law in the United States that sets national standards to protect the privacy and security of individuals’ medical information.

What are the penalties for violating HIPAA regulations?

Civil penalties for HIPAA violations can range from $100 to $50,000 per violation, up to a maximum of $1.5 million per calendar year for violations of the same provision. HIPAA violations can also result in criminal penalties.

Why is separate consent required for information regarding HIV/AIDS, Abuse, Sexual Assault, Drugs, etc. to be disclosed?

Separate consent is required due to the stigma and discrimination (and other potential problems) that a person may encounter should information about such things be carelessly spread.

Can a healthcare provider refuse to disclose medical information with a valid authorization?

If the healthcare provider believes that the authorization was obtained through fraud or deception, or if they believe that the information requested is not relevant or necessary for the stated purpose of the authorization, they may refuse to disclose the information.

Can I sign the form electronically?

Yes, an authorization for the release of medical information can be signed electronically in accordance with HIPAA regulations.

How do I correct an error in my medical records?

If you discover an error in your medical records, you have the right to request that the error be corrected under HIPAA. The process for correcting errors varies depending on the policies of your healthcare provider, so make sure to contact them for more information on how to correct any errors.

How do I know if my healthcare provider is a covered entity under HIPAA?

In general, most healthcare providers are considered "covered entities" under HIPAA. Covered entities are defined as healthcare providers, health plans, and healthcare clearinghouses that transmit or maintain protected health information (medical information) in electronic form.

Can healthcare providers disclose medical information to family members without authorization?

Under HIPAA, healthcare providers generally cannot disclose medical information to family members or other individuals without the patient's written authorization. However, there are some exceptions to this rule.

If the patient is present and able to make decisions, the healthcare provider may disclose information to the patient's family members or other individuals if the patient agrees to the disclosure. Otherwise, the healthcare provider may disclose information to a family member or other individual if the disclosure is in the patient's best interest and the healthcare provider believes that the patient would not object.