--- name: hipaa-release-form title: HIPAA Release Authorization description: Drafts HIPAA Release Authorization forms compliant with 45 CFR 164.508 for disclosure of protected health information. Typically used in estate planning or healthcare decision-making packets. Use when a client needs a HIPAA authorization, medical records release, PHI disclosure consent, healthcare agent access form, or advance directive bundle. author: CaseMark author_url: https://github.com/CaseMark/skills/tree/main/skills/legal/hipaa-release-form license: Apache-2.0 version: 0.1.0 execution_mode: open jurisdiction: us practice: healthcare language: en tags: [agreement, drafting, regulatory, transactional] --- # HIPAA Release Authorization Drafts a 45 CFR 164.508-compliant authorization allowing designated recipients to obtain PHI for healthcare decision-making. ## Quick Start 1. Gather patient info, recipients, disclosing parties, PHI scope, and purpose. 2. Draft using the template below, ensuring all eight required elements are present. 3. Add sensitive-category addenda and state-required execution blocks. ## Prerequisites 1. Patient legal name, DOB, and contact details. 2. Authorized recipient(s) — full names, roles, contact details. 3. Disclosing party(ies) — named provider(s) or broad covered-entity language. 4. PHI scope and date range, including any specially protected categories. 5. Purpose of disclosure aligned with healthcare agent duties. 6. Expiration date or event. 7. Personal representative authority documentation (if patient is not signer). 8. State-specific execution requirements (witness, notary, special disclosures). ## Required Elements (45 CFR 164.508) | Element | Content | | --- | --- | | Patient identification | Full name, DOB; add contact details if used by providers | | Disclosing parties | Specific provider(s) or broad covered-entity class | | Recipients | Names and roles of agents/representatives | | Description of PHI | Record types and date range | | Purpose | Healthcare decision-making and agent duties | | Expiration | Date or event (e.g., revocation or death) | | Signature | Patient or personal representative with authority | | Required statements | Revocation rights; effect of revocation; no-conditioning notice; redisclosure warning; right to a copy | ## Sensitive Information Addenda Include explicit consent line for each applicable category: | Category | Notes | | --- | --- | | Mental health records | State law may require separate consent | | Substance use treatment (42 CFR Part 2) | Separate Part 2-compliant consent likely required [VERIFY] | | HIV/AIDS testing or treatment | Many states require specific authorization language | | Genetic information | GINA and state restrictions may apply | ## Template AUTHORIZATION FOR RELEASE OF PROTECTED HEALTH INFORMATION (HIPAA) 1. Patient Information Name: [PATIENT NAME] Date of Birth: [DOB] Address: [ADDRESS] Phone: [PHONE] Email: [EMAIL] 2. Person(s)/Entity(ies) Authorized to Disclose [PROVIDER OR "Any health plan, physician, health care professional, hospital, clinic, laboratory, pharmacy, medical facility, or other covered entity that has provided treatment, payment, or services to me."] 3. Person(s)/Entity(ies) Authorized to Receive [AGENT NAME], Healthcare Agent, [ADDRESS/PHONE/EMAIL] [SUCCESSOR AGENT NAME], Successor Healthcare Agent, [ADDRESS/PHONE/EMAIL] 4. Description of Information to Be Disclosed [ ] All of my protected health information, including my complete medical record. [ ] Only the following records: [SPECIFY] Date range: [FROM DATE] to [TO DATE] Sensitive categories (if applicable): [ ] Mental health records [ ] Substance use treatment records (42 CFR Part 2) [VERIFY] [ ] HIV/AIDS testing or treatment [ ] Genetic information 5. Purpose of Disclosure To enable my designated healthcare agent(s) to make informed healthcare decisions, communicate with providers, and carry out duties under my Healthcare Power of Attorney or Advance Directive. 6. Expiration This authorization expires on [DATE] or upon [EVENT], unless revoked earlier in writing by me. 7. Right to Revoke I understand I may revoke this authorization at any time by written notice to the disclosing provider. Revocation will not affect actions already taken in reliance on this authorization. 8. No Conditioning I understand that treatment, payment, enrollment, or eligibility for benefits will not be conditioned on signing this authorization except as permitted by law. 9. Redisclosure Notice I understand that information disclosed pursuant to this authorization may be subject to redisclosure by the recipient and may no longer be protected by HIPAA. 10. Right to a Copy I understand I am entitled to a copy of this signed authorization. 11. Signature Patient Signature: __________________________ Date: ______________ Printed Name: _______________________________ 12. Personal Representative (if applicable) Representative Name: ________________________ Relationship/Authority: ______________________ Signature: __________________________ Date: ______________ 13. Witness/Notary (if required by state law) Witness/Notary: ______________________ Date: ______________ This document should be reviewed by qualified legal counsel before execution. ## Guidelines - Align recipients and purpose with the healthcare power of attorney or advance directive. - Never issue a HIPAA authorization for a signer who lacks capacity unless valid representative authority is documented. - Name specific recipients; avoid "to whom it may concern." - Use a clear expiration date or event; avoid indefinite language where state law restricts it. - If substance use disorder records are involved, confirm Part 2 consent requirements separately. [VERIFY] - Add witness or notary blocks only when required by jurisdiction or provider policy.