Skip to main content
Forms Legal

HIPAA Authorization Form

HIPAA Authorization Form

AUTHORIZATION FOR DISCLOSURE OF PROTECTED HEALTH INFORMATION

Pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 45 C.F.R. Parts 160 and 164

I, Patient Name, hereby authorize the use and/or disclosure of my individually identifiable health information as described below. I understand that this authorization is voluntary and that I may refuse to sign this authorization. My refusal to sign will not affect my ability to obtain treatment, payment, enrollment, or eligibility for benefits.

1. PATIENT INFORMATION.

Patient Name: Patient Name

Date of Birth: Date of Birth

Address: Patient Address, City, State ZIP Code

Phone: Patient Phone | Email: Patient Email

Date of Authorization: Authorization Date

2. PERSONS/ENTITIES AUTHORIZED TO DISCLOSE AND RECEIVE INFORMATION.

I authorize the following covered entity or healthcare provider to disclose my protected health information:

Covered Entity/Provider: Covered Entity

Address: Covered Entity Address

Phone: Covered Entity Phone

The above-named entity is authorized to disclose my protected health information to:

Authorized Recipient: Recipient Name

Address: Recipient Address

Phone: Recipient Phone

3. DESCRIPTION OF INFORMATION TO BE DISCLOSED.

Type of Information: Information Type

Date Range: Date Range Start through Date Range End

I authorize the disclosure of the following specific health information:

Information Description

This authorization covers only the specific information described above. Any information not specifically identified herein is excluded from this authorization and shall not be disclosed.

4. PURPOSE OF DISCLOSURE.

The information described above is being disclosed for the following purpose(s): Purpose.

If this authorization was initiated by the individual, the covered entity may complete the purpose section with a statement that the disclosure was requested by the individual.

5. EXPIRATION.

This authorization shall expire on Expiration Date, or upon the occurrence of the following event, whichever occurs first: completion of the purpose for which the information was requested. If no expiration date or event is specified, this authorization shall expire one (1) year from the date of execution.

6. RIGHT TO REVOKE.

I understand that I have the right to revoke this authorization at any time by submitting a written revocation to Covered Entity at Covered Entity Address or by calling Covered Entity Phone. I understand that any revocation will not be effective to the extent that the covered entity has already taken action in reliance on this authorization, or if this authorization was obtained as a condition of obtaining insurance coverage and the insurer has a legal right to contest a claim under the policy.

7. REDISCLOSURE NOTICE.

I understand that information disclosed pursuant to this authorization may be subject to redisclosure by the recipient and may no longer be protected by federal privacy regulations under HIPAA. However, applicable state law may provide additional protections against redisclosure of certain categories of health information.

8. ADDITIONAL NOTES.

Additional Notes

IMPORTANT NOTICES

This authorization is voluntary. You are not required to sign this form. Your refusal to sign will not affect your ability to receive healthcare services, obtain insurance, or receive payment for healthcare services. You have the right to receive a copy of this authorization after signing. You may inspect or receive a copy of the health information disclosed under this authorization by contacting the covered entity. If you have questions about this authorization or your privacy rights, you may contact Covered Entity at Covered Entity Phone or file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights.

SIGNATURES.

By signing below, the Patient (or authorized personal representative) certifies that this authorization has been completed in its entirety, that all information is accurate, and that this authorization is being provided voluntarily.

PATIENT (or Authorized Representative):

Name: Patient Name

Date: Patient Sign Date

Party 1

________________

Signature

Date: ________________

Party 2

________________

Signature

Date: ________________

Maintained by Vladislav Sergienko, Founder·Template last modified: ·Report an error

What Is a HIPAA Authorization Form?

A HIPAA Authorization Form in the United States grants documented consent to the action it describes, on the conditions it states.

HIPAA's Privacy Rule (45 CFR Parts 160 and 164) establishes that covered entities may not use or disclose PHI without patient authorization except in specifically enumerated circumstances — such as treatment coordination between providers, claims processing, public health reporting, and law enforcement requests supported by court orders. For all other uses and disclosures, including releasing records to attorneys, life insurance companies, employers (outside of workers' compensation), family members who are not personal representatives, and researchers, a valid HIPAA authorization is required.

The authorization differs from a general consent to treatment, which healthcare providers typically obtain at intake. While consent to treatment permits providers to use PHI for ongoing care, the HIPAA authorization is a separate, more specific document that addresses disclosures beyond the treatment relationship. Under 45 CFR Section 164.508(b)(1), covered entities may not condition treatment, payment, enrollment, or eligibility on the patient signing an authorization, except in limited circumstances involving research or pre-enrollment underwriting.

When Do You Need a HIPAA Authorization Form?

A HIPAA authorization is required whenever a patient wants medical records sent to a third party outside the treatment relationship. The most common scenario is personal injury litigation, where an attorney needs the client's medical records, imaging studies, and billing statements to support a claim. Insurance companies conducting pre-enrollment medical underwriting or processing life insurance applications also require HIPAA authorizations to obtain an applicant's health history from treating physicians.

Employers requesting medical information beyond what is permitted under the Americans with Disabilities Act (ADA) or the Family and Medical Leave Act (FMLA) need a HIPAA authorization — for instance, when an employee voluntarily participates in a workplace wellness program that requires access to medical records. Disability insurance carriers, both short-term and long-term, require authorizations to verify claimants' medical conditions with their healthcare providers.

Other frequent use cases include parents requesting records for adult children (who are no longer covered by the parental access exception after age 18), patients transferring care to a new provider in a different health system, researchers recruiting subjects for clinical trials (unless an IRB has granted a waiver of authorization under 45 CFR Section 164.512(i)), and patients seeking to release their own psychotherapy notes — which receive heightened protection under 45 CFR Section 164.508(a)(2) and require a separate, specific authorization even from the patient.

What to Include in Your HIPAA Authorization Form

Under 45 CFR Section 164.508(c), a valid HIPAA authorization must contain specific core elements to be enforceable. The document must identify the patient by name, date of birth, and other identifying information, and must specify the covered entity (or class of entities) authorized to make the disclosure. The authorized recipient — the person or organization who will receive the PHI — must also be specifically identified rather than stated in general terms.

The authorization must include a specific and meaningful description of the information to be disclosed. Vague language such as "all medical records" may be acceptable in some contexts, but more specific descriptions — such as "office visit notes, lab results, and diagnostic imaging from January 2024 through present relating to treatment of lumbar spine condition" — are preferred and may be required by state laws that impose stricter standards than HIPAA's floor. The purpose of the disclosure must be stated (or may indicate "at the request of the individual").

The authorization must contain an expiration date or expiration event (such as "upon resolution of the legal claim"), a statement of the patient's right to revoke the authorization in writing at any time (with the caveat that revocation does not affect disclosures already made in reliance on the authorization), and a statement that information disclosed pursuant to the authorization may be subject to re-disclosure by the recipient and no longer protected by HIPAA. The document requires the patient's signature and date — or the signature of the patient's personal representative with a description of their authority (such as healthcare power of attorney or court-appointed guardian). Psychotherapy notes, HIV/AIDS records, substance abuse treatment records (42 CFR Part 2), and genetic information may require separate or additional authorization language under federal and state law.

Sources & Citations

Statutory citations link to official government sources.

  1. Americans with Disabilities ActUS – Cornell LII
  2. ADAUS – Cornell LII
  3. Family and Medical Leave ActUS – Cornell LII
  4. FMLAUS – Cornell LII
  5. HIPAAUS – Cornell LII

Cite this page

Reference this free template in an article, syllabus, or research note:

APA

Forms Legal. (2026). HIPAA Authorization Form (United States) [Legal document template]. Forms Legal. https://forms-legal.com/usa/estate-planning/healthcare-directives/hipaa-authorization-form

MLA

"HIPAA Authorization Form (United States)." Forms Legal, 2026, https://forms-legal.com/usa/estate-planning/healthcare-directives/hipaa-authorization-form.

BibTeX
@misc{formslegal-hipaa-authorization-form,
  author       = {{Forms Legal}},
  title        = {HIPAA Authorization Form (United States)},
  year         = {2026},
  howpublished = {\url{https://forms-legal.com/usa/estate-planning/healthcare-directives/hipaa-authorization-form}},
  note         = {Free legal document template. Based on Health Insurance Portability and Accountability Act (HIPAA), 45 CFR Part 164}
}

Frequently Asked Questions

Based on Health Insurance Portability and Accountability Act (HIPAA), 45 CFR Part 164 — Template last modified June 2026Verify the source →

This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer

Found an error? Let us know

Related Documents

You may also find these documents useful:

Medical Consent Form

Heading into surgery, a medical procedure, or experimental treatment? A Medical Consent Form documents that a patient understands the risks, benefits, and alternatives — and agrees to proceed. It's not just paperwork; it's informed consent, a cornerstone of medical ethics and a legal shield for practitioners. Our template covers the procedure description, known risks, expected outcomes, the right to refuse, and provider information. Fill in the details, preview in real time, and download as PDF or Word — free, no sign-up needed.

Advance Directive Form

Create a professional Advance Directive Form with our free online generator. This essential legal document allows you to specify your healthcare preferences in case you become unable to communicate your wishes. It covers life-sustaining treatment decisions, organ donation preferences, pain management instructions, and designation of a healthcare agent or proxy. Recognized in all US states, an advance directive ensures your medical care aligns with your personal values. Fill out the interactive form with guided fields, preview your document in real time, and download as PDF or Word. Includes electronic signature support under the ESIGN Act. No registration required.

Power of Attorney

Life gets complicated — what happens if you can't make it to a real estate closing, need someone to handle your finances while you're overseas, or want a trusted person making medical decisions on your behalf? A Power of Attorney solves all of these. It legally authorizes someone you trust to act in your name for specific matters. Our free template lets you choose the scope of authority, set time limits, and include safeguards. Fill it out online, preview the document, and download a ready-to-sign PDF or Word file.

Advance Healthcare Directive

What happens if you're in a coma or can't speak for yourself? A Living Will (Advance Directive) tells doctors and your family exactly what medical treatment you do or don't want — life support, resuscitation, pain management, organ donation. It takes the guesswork out of impossible decisions and spares your loved ones from agonizing over what you'd choose. Our template covers end-of-life care preferences, healthcare proxy designation, and specific treatment instructions. Fill it out, preview live, and download as PDF or Word — free, no sign-up.

Consent Form

Create a professional General Consent Form with our free online generator. This versatile legal document obtains written permission from an individual to participate in an activity, receive a service, or authorize a specific action. Adaptable for medical procedures, research studies, educational programs, recreational activities, and business services. Clearly defines the scope of consent, associated risks, the right to withdraw consent at any time, and liability limitations. Essential for healthcare providers, educational institutions, event organizers, and service providers. Customize every detail with guided fields and helpful hints, preview in real time, and download as PDF or Word. Includes electronic signature support. No registration required. Valid in all US states.