Fillable Form Medical Release

What is the Medical Release Form?

The HIPAA Medical Information Authorization Form, also known as a Medical Release Form, is a form that allows an individual to give permission to their healthcare provider or other covered entity to disclose their Protected Health Information (PHI) to a designated person or organization. The authorization is a legal document that must be signed by the individual or their legal representative, and it specifies the type of PHI that can be disclosed, the purpose of the disclosure, and the identity of the person or organization to whom the PHI will be disclosed.

The HIPAA Medical Information Authorization form is used in situations where an individual wants to give permission for their healthcare provider or other covered entity to disclose their PHI to a third party. This may include situations where the individual wants to share their medical information with a family member or friend, a healthcare proxy or power of attorney, or a research organization.

To be considered valid, the HIPAA Medical Information Authorization must contain certain elements as required by HIPAA regulations. These elements include:

1. A description of the PHI to be disclosed. The authorization must identify the specific type of PHI that will be disclosed, such as medical records, test results, or treatment plans.

2. The name or identity of the person or organization to whom the PHI will be disclosed. The authorization must specify the name or identity of the individual or organization that will receive the PHI.

3. The purpose of the disclosure. The authorization must specify the purpose for which the PHI will be disclosed. For example, the purpose may be to facilitate medical treatment, research, or legal proceedings.

4. The expiration date of the authorization. The authorization must specify the date on which it will expire. The expiration date may be a specific date or an event, such as the completion of a research study.

5. The individual’s signature. The authorization must be signed by the individual or their legal representative.

How do I fill out the Medical Release Form?

The Medical Release Form consists of seven sections that must be filled out with information about the patient, the extent of the authorization they are granting, and the purpose(s) that the authorization is being granted for.

Patient Name

Enter the patient’s full legal name.

Date of Birth

Enter the patient’s date of birth.

Social Security Number

Enter the patient’s Social Security Number (SSN).

Section I: Authorization

Disclosing Party

Enter the name of the person or entity that the patient is authorizing to disclose their health information.

Information To Be Disclosed

Check the box that applies to the patient’s health information that is being authorized to be disclosed. You may choose one or more of the following:

1. All of my health information

2. My health information relating to the following treatment or condition (enter the treatment or condition in the space provided)

3. My health information covering the period from (date) to (date). (Enter the dates in the spaces provided)

4. Other (enter the information to be disclosed in the space provided)

Section II: Extent of Authorization

Name of Recipient

Enter the full legal name of the person or entity that the information will be disclosed to.

Address

Enter the street address of the receiving person or entity.

City, State, and ZIP code

Enter the city, state, and ZIP code of the receiving person or entity.

Phone Number

Enter the receiving person or entity’s primary phone number.

Fax Number

Enter the receiving person or entity’s fax number.

Email Address

Enter the receiving person or entity’s primary email address.

Section III: Purpose of the Authorization

Check all the boxes that apply to the reason for why the authorization is being provided. You may choose from the following:

1. At my request.

2. Other (enter the reason in the space provided).

3. To authorize the using or disclosing party to communicate with me for marketing purposes when they receive payment from a third party to do so.

4. To authorize the using or disclosing party to sell my health information. I understand that the seller will receive compensation for my health information and will stop any future sales if I revoke this authorization.

Section IV: Termination

Check the box that indicates when the authorization will end. You may choose one of the following:

1. On (enter the date that the authorization will expire in the space provided)

2. When the following event occurs (enter the event in the space provided. Make sure to make it as clear and specific as possible)

Section V: Patient Rights

This section states that the patient has been made aware of the fact that they may withdraw their authorization in writing at any time except in cases where uses and disclosures have already been made based on their original permission. The patient is also aware of what authorizing their information to be disclosed entails, and that they may not be able to revoke the authorization depending on how their information is used.

Have the patient sign the form on the space provided, then enter the date that the form was signed.

Section VI: Additional Consent for Certain Conditions

If the patient consents to having information about physical or sexual abuse, alcoholism, drug abuse, sexually transmitted diseases, abortion, or mental health treatment be disclosed, check the box indicating that they consent. Otherwise, check the box indicating that they do not consent to such information being disclosed.

Have the patient sign the form on the space provided, then enter the date that the form was signed.

Section VII: Additional Content for HIV/AIDS

If the patient consents to having information about HIV testing and/or AIDS diagnosis or treatment be disclosed, check the box indicating that they consent. Otherwise, check the box indicating that they do not consent to such information being disclosed.

Have the patient sign the form on the space provided, then enter the date that the form was signed.

Frequently Asked Questions (FAQs)

What is the HIPAA Security Rule?

The HIPAA Security Rule requires covered entities to implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). These safeguards are designed to ensure that ePHI is not improperly altered, destroyed, or disclosed, and that it is available when needed.

Can I use a Medical Release form to get a copy of my own medical records?

Yes. In fact, filing a Medical Release form is often a requirement that must be fulfilled before a hospital can give you a copy of your records.

Does the person or entity I give the form to have to keep it on file? 

Yes. Any person or entity that receives a Medical Release form must keep it on file for at least six years from the date of its creation or when it was last in effect (whichever is later). Depending on the state, the retention requirements may be longer or shorter. 

Who can see the Medical Release form?

Only the patient, the recipient, and any person or entity that requires the patient’s PHI may see the Medical Release form. 

What do I do if my PHI is disclosed without my permission?

Contact the person or entity that disclosed your information without permission, then determine if you need to take legal action. If possible, try to get evidence of the disclosure, to serve as proof that your privacy was violated.

Are there exceptions that allow my PHI to be disclosed without my permission?

Yes. Some of the most common exceptions include:

1. Treatment, payment, and healthcare operations

2. Public health activities

3. Research

4. Law enforcement

5. Emergencies

6. De-identified information

How much of my PHI can be disclosed without my permission in the above circumstances?

Only the minimum necessary amount of information may be shared without the patient’s permission. 

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law in the United States that sets national standards to protect the privacy and security of individuals’ medical information. 

What are the penalties for violating HIPAA regulations?

Civil penalties for HIPAA violations can range from $100 to $50,000 per violation, up to a maximum of $1.5 million per calendar year for violations of the same provision. HIPAA violations can also result in criminal penalties. Individuals who knowingly and willfully obtain or disclose PHI in violation of HIPAA can be fined up to $50,000 and imprisoned for up to one year or longer depending on the circumstances of the violation.

Why is separate consent required for information regarding HIV/AIDS, Abuse, Sexual Assault, Drugs, etc. to be disclosed?

Separate consent is required due to the stigma and discrimination (and other potential problems) that a person may encounter should information about such things be carelessly spread. 

Can a healthcare provider refuse to disclose PHI with a valid authorization?

If the healthcare provider believes that the authorization was obtained through fraud or deception, or if they believe that the information requested is not relevant or necessary for the stated purpose of the authorization, they may refuse to disclose the information.

Additionally, healthcare providers may refuse to disclose PHI if the disclosure would endanger the life or safety of the individual or another person, or if the disclosure is prohibited by law. In general, if the healthcare provider wishes to refuse to disclose information, they must provide a written explanation of the reasons for the refusal.

Can I sign the form electronically?

Yes, an authorization for the release of medical information can be signed electronically in accordance with HIPAA regulations.

How do I correct an error in my medical records?

If you discover an error in your medical records, you have the right to request that the error be corrected under HIPAA. The process for correcting errors varies depending on the policies of your healthcare provider, so make sure to contact them for more information on how to correct any errors.

How do I know if my healthcare provider is a covered entity under HIPAA?

In general, most healthcare providers are considered "covered entities" under HIPAA. Covered entities are defined as healthcare providers, health plans, and healthcare clearinghouses that transmit or maintain protected health information (PHI) in electronic form.

Can healthcare providers disclose PHI to family members without authorization?

Under HIPAA, healthcare providers generally cannot disclose protected health information (PHI) to family members or other individuals without the patient's written authorization. However, there are some exceptions to this rule.

If the patient is present and able to make decisions, the healthcare provider may disclose information to the patient's family members or other individuals if the patient agrees to the disclosure. Otherwise, the healthcare provider may disclose information to a family member or other individual if the disclosure is in the patient's best interest and the healthcare provider believes that the patient would not object.