hipaa-release-form

# HIPAA Release Authorization

Drafts a 45 CFR 164.508-compliant authorization allowing designated recipients to obtain PHI for healthcare decision-making.

## Quick Start

1. Gather patient info, recipients, disclosing parties, PHI scope, and purpose.
2. Draft using the template below, ensuring all eight required elements are present.
3. Add sensitive-category addenda and state-required execution blocks.

## Prerequisites

1. Patient legal name, DOB, and contact details.
2. Authorized recipient(s) — full names, roles, contact details.
3. Disclosing party(ies) — named provider(s) or broad covered-entity language.
4. PHI scope and date range, including any specially protected categories.
5. Purpose of disclosure aligned with healthcare agent duties.
6. Expiration date or event.
7. Personal representative authority documentation (if patient is not signer).
8. State-specific execution requirements (witness, notary, special disclosures).

## Required Elements (45 CFR 164.508)

| Element | Content |
| --- | --- |
| Patient identification | Full name, DOB; add contact details if used by providers |
| Disclosing parties | Specific provider(s) or broad covered-entity class |
| Recipients | Names and roles of agents/representatives |
| Description of PHI | Record types and date range |
| Purpose | Healthcare decision-making and agent duties |
| Expiration | Date or event (e.g., revocation or death) |
| Signature | Patient or personal representative with authority |
| Required statements | Revocation rights; effect of revocation; no-conditioning notice; redisclosure warning; right to a copy |

## Sensitive Information Addenda

Include explicit consent line for each applicable category:

| Category | Notes |
| --- | --- |
| Mental health records | State law may require separate consent |
| Substance use treatment (42 CFR Part 2) | Separate Part 2-compliant consent likely required [VERIFY] |
| HIV/AIDS testing or treatment | Many states require specific authorization language |
| Genetic information | GINA and state restrictions may apply |

## Template

AUTHORIZATION FOR RELEASE OF PROTECTED HEALTH INFORMATION (HIPAA)

1. Patient Information
   Name: [PATIENT NAME]
   Date of Birth: [DOB]
   Address: [ADDRESS]
   Phone: [PHONE]
   Email: [EMAIL]

2. Person(s)/Entity(ies) Authorized to Disclose
   [PROVIDER OR "Any health plan, physician, health care professional, hospital,
   clinic, laboratory, pharmacy, medical facility, or other covered entity
   that has provided treatment, payment, or services to me."]

3. Person(s)/Entity(ies) Authorized to Receive
   [AGENT NAME], Healthcare Agent, [ADDRESS/PHONE/EMAIL]
   [SUCCESSOR AGENT NAME], Successor Healthcare Agent, [ADDRESS/PHONE/EMAIL]

4. Description of Information to Be Disclosed
   [ ] All of my protected health information, including my complete medical record.
   [ ] Only the following records: [SPECIFY]
   Date range: [FROM DATE] to [TO DATE]
   Sensitive categories (if applicable):
   [ ] Mental health records
   [ ] Substance use treatment records (42 CFR Part 2) [VERIFY]
   [ ] HIV/AIDS testing or treatment
   [ ] Genetic information

5. Purpose of Disclosure
   To enable my designated healthcare agent(s) to make informed healthcare
   decisions, communicate with providers, and carry out duties under my
   Healthcare Power of Attorney or Advance Directive.

6. Expiration
   This authorization expires on [DATE] or upon [EVENT], unless revoked earlier
   in writing by me.

7. Right to Revoke
   I understand I may revoke this authorization at any time by written notice to
   the disclosing provider. Revocation will not affect actions already taken in
   reliance on this authorization.

8. No Conditioning
   I understand that treatment, payment, enrollment, or eligibility for benefits
   will not be conditioned on signing this authorization except as permitted by law.

9. Redisclosure Notice
   I understand that information disclosed pursuant to this authorization may be
   subject to redisclosure by the recipient and may no longer be protected by HIPAA.

10. Right to a Copy
    I understand I am entitled to a copy of this signed authorization.

11. Signature
    Patient Signature: __________________________  Date: ______________
    Printed Name: _______________________________

12. Personal Representative (if applicable)
    Representative Name: ________________________
    Relationship/Authority: ______________________
    Signature: __________________________  Date: ______________

13. Witness/Notary (if required by state law)
    Witness/Notary: ______________________  Date: ______________

This document should be reviewed by qualified legal counsel before execution.

## Guidelines

- Align recipients and purpose with the healthcare power of attorney or advance directive.
- Never issue a HIPAA authorization for a signer who lacks capacity unless valid representative authority is documented.
- Name specific recipients; avoid "to whom it may concern."
- Use a clear expiration date or event; avoid indefinite language where state law restricts it.
- If substance use disorder records are involved, confirm Part 2 consent requirements separately. [VERIFY]
- Add witness or notary blocks only when required by jurisdiction or provider policy.