What is a HIPAA authorization form?

A HIPAA authorization form, also known as a HIPAA release form, is a document that individual signs for their health provider before the entity may use or disclose their protected health information (PHI). HIPAA authorizes the sharing of PHI for the following purposes:

• Treatment
• Payment
• Healthcare Operations

When an individual signs a HIPAA authorization form, they consent to a HIPAA-covered entity to use the patient’s PHI for purposes that the HIPAA privacy rule would not otherwise permit.

What is the purpose of a HIPAA authorization form?

Under the HIPAA privacy rule, nurses, doctors, laboratory technicians, hospitals, and other healthcare providers who adhere to HIPAA compliance may not use or disclose PHI without the patient’s authorization for treatment. A HIPAA authorization form grants permission to providers to use PHI for purposes other than treatment. A patient is not required to sign this form and can revoke it at any time. Here are a few reasons why a HIPAA authorization form may be signed:

• Provide your PHI to an attorney for an injury claim
• Provide access to a healthcare agent who may question your doctor about charges on your bill
• Provide access to someone who is assisting you in paying medical bills so they can review what they are paying

When someone has access to your information, you are still protected. Healthcare providers use the “minimum necessary” standard and only share information necessary to accomplish the specific goal.

What are the requirements of a HIPAA authorization form?

To comply with the law, certain qualities must be present in a HIPAA authorization form. These core elements include:

• The specific information that will be used or disclosed.
• The specific identifiers of the individuals(s) authorized to make the requested use or disclosure.
• The specific identification of any third parties who the covered entity may make the requested disclosure.
• A description of each purpose of the requested service or disclosure.
• An expiration date or an expiration event correlating to the individual or the intent of the use or disclosure.
• The signature of the individual named on the form or their legal representative with the date.

In addition to these requirements, the form must also contain language that clearly and adequately expresses the following statements:

• A person’s right to revoke the authorization.
• Any exceptions to the right to revoke the authorization.
• The entity may not condition payment, treatment, enrollment, or eligibility for benefits on whether the person signs the authorization, except for the following conditions:
  • A health care provider may condition the obligation of research-related treatment on the provision of approval for such research.
  • A health plan may condition enrollment in the health plan or eligibility for benefits.

• The potential for information disclosed to be subject to HIPAA redisclosure by the receiver and no longer be protected by the Privacy Rule.

Learn more about HIPAA documentation requirements as they relate to you or your position by visiting us at HIPAAexams.com!