A HIPAA authorization form is a form which allows specific information related to a patient’s health care to be shared with a specific individual, sometimes under specific circumstances. 

Where Does a HIPAA Authorization Form Come From? 

The HIPAA Authorization form is generally initiated at an individual’s primary care provider’s office. It generally follows the following steps and is a fairly simple process:

• The patient chooses their trusted representative. 
• The form can grant access for one loved one, or multiple, but there can only be one decision maker. 
• The form is signed at the provider’s office
•  This requires the patient to be competent to make decisions in order for the document to be valid.
• The signature of patient activates the document allowing information to be shared, unless otherwise noted and when it is in the best interest of the patient
• NOTE: Keep a copy of the authorized form in a safe environment and regularly assess if the document needs to be updated

When signing a HIPAA Authorization Form, the patient has several options. They can choose from: 

• What type of information can be shared: A patient may opt for a limitation on what information may be shared, or choose to only share specific information.
• A specific date when information can be shared: A patient may choose that their authorization form is only viable during a specific time. This may be the case if someone is undergoing an operation and may not be able to make decisions for themselves for a brief period of time.

It is important that a patient signs their HIPAA Authorization Form when they are fully capable of understanding its importance, and understands what limitations can be utilized if necessary. 

If you’ve been to a doctor’s office, you have probably signed a release of information which allows providers to give the necessary information to the insurance pursuant. In cases where information is shared, the Privacy Rule ensures that your information will only be shared in a secure, HIPAA compliant way.

The signature of the patient is what activates the authorization form, unless otherwise noted. After a HIPAA Authorization form has been signed, it is important to keep a copy of this authorization. Providers may request to view the document to confirm your place as an authorized representative. If your loved one already has an authorization form signed and in place, it can be beneficial to review the document to see if there is an expiration date and make sure that the document is appropriate for their current situation.

A Brief Background of the HIPAA Authorization Form

Privacy is important. It’s something many of us value, especially when it comes to our health. Most of us would feel unhappy, if not violated, if our health information was discussed to people not involved in our treatments, or perhaps even more so, was given to a friend or family member without permission.

The Health Insurance Portability and Accountability Act of 1996, created the Privacy Rule which established the HIPAA Authorization form. This is a key rule which keeps our private health information just that- private. Under this rule, all individuals working with Protected Health Information are obligated to keep that information private and secured. This extends not only to a provider’s network, but to the patients’ as well. Providers are not allowed to give out information, even to family members who appear trustworthy.

This information could be a wide variety of things- sharing the name of a person a doctor has recently seen, to perhaps more sensitive topics such as drug abuse or an HIV/AIDs status. No matter how big or small the information is, it is our private information.

What exactly does the Privacy Rule protect?

Your protected health information (AKA PHI) includes the following information: 

• Demographic information, such as name of patient, date of birth and social security number
• All medical information including physical conditions and mental health issues, such as substance abuse
• Insurance information
• Any other information included in a medical record or psychotherapy notes

Standard practice is that all health care information is kept private. Not only are doctors and nurses required to follow this, but all covered entities are required to follow the law. Covered entities include health plans and health care operations. anyone who could possibly come in contact with PHI is responsible to keep this information private. All health care operations must be “HIPAA compliant” meaning they meet specific standards to keep information secure. 

There are some situations in which there may be a disclosure of protected health information information may be shared, such as for the following purposes: 

• A healthcare professional consulting with another professional. This can only be done when sharing information is in the best interest of the patient.
• A healthcare professional sharing information when the patient is at risk of harming themselves or others.
• If the patient has given express consent for information to be shared- typically given through a HIPAA Authorization form.

What This Means for Caregivers

While the HIPAA Privacy Rule is almost always a good thing, it can make it difficult for well-intentioned caregivers to support their older loved ones– especially if memory concerns are involved. If someone is experiencing a memory impairment, they may not remember information given by a provider at an appointment, and therefore not follow through with instructions. This can be life threatening if someone forgets a medication, treatment or even a procedure. It can make it difficult for a family member to support their loved one, if they don’t have a thorough picture of what their needs entail. Without appointing a representative, It is up to the patient to remember and keep their information organized, unless a HIPAA authorization form has been signed to appoint a personal representative.

Understanding and signing a HIPAA Authorization form is important for anyone, no matter their age. For a caregiver, it is key to be able to have open communication with their loved one’s health care team. While it’s not always an easy conversation to have, caregivers should have open conversations with their loved one’s about their health care, and wishes for future health care so they can act as the best personal representative possible.