Solve Life’s Puzzles

A special needs trust can protect certain government benefits. If you need assistance, contact Duncan Legal in Colorado today.

Everything You Need to Know About HIPAA Authorization

Do you need help understanding how HIPAA Authorization works? Get in touch with Duncan Legal, PC, for a detailed explanation. Call us today.

What Is HIPAA Authorization and When Is It Needed?

The privacy of your medical information and records is protected under the law. No one other than yourself and those authorized by law can get access to your health information without your consent. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy rule protects your medical information and personal identifiers from unauthorized use or disclosure by a covered entity. This information is known as protected health information (PHI) under HIPAA, and it includes:

  • Your past, present, and future physical or mental health
  • Treatment for your medical conditions
  • The payment for such treatments

A covered entity means healthcare providers, health plans, and healthcare clearinghouses who share and transmit medical information covered under HIPAA electronically.

The HIPAA Privacy Rule allows a covered health care provider and its business associates to use your PHI without authorization for treatment, payment, health care operations, law enforcement investigations, and emergencies.

Any access to your medical information for a purpose not covered under the privacy rule will require your authorization, including access by your family members or lawyer.

In this case, you must give your healthcare provider HIPAA authorization, giving them consent to use or disclose your medical records. This authorization is voluntary, and you can revoke it anytime.


Is Authorization the Same as Consent Under HIPAA?

HIPAA authorization differs from informed consent documents or other permission forms in several ways. Here are some of the main differences:

  • Authorization is required under the HIPAA Privacy Rule as opposed to consent, which is voluntary. Health care providers can ask for your consent before sharing your information for covered purposes but are required to do so for all other uses.
  • Consent has no specific format or content requirements. Covered entities can design their own consent procedures. However, patient authorization should be in writing and include the required core elements.

Patient consent and authorization forms are similar in that they express the patient’s permission to share their medical information. The main difference lies in what type of information is concerned and for what purpose.

A healthcare provider can combine HIPAA authorization and an informed consent document to create a research database or conduct a research study. However, the patient can revoke consent and authorization forms at any time. The revocation must be clearly expressed in writing.

What Are the Benefits of Having a HIPAA Authorization Form?

A HIPAA authorization form can be a great addition to your estate plan. Coupled with other estate planning documents, such as a Colorado living will and medical power of attorney, you can ensure that all your health care needs are covered.

Here are some benefits of having a HIPAA authorization form:

  • You allow trusted third parties, such as your family and lawyer, to access your protected health information.

  • You make sure your authorized people can access any critical information required for your treatment in cases of emergency.

  • Your family or chosen recipients of the authorization can contact and communicate with your healthcare on your behalf if you are unavailable or become incapacitated.

How To Create a Valid Authorization Form

Here are the steps and elements for making a valid HIPAA authorization form:

Step 1: Consult an estate planning attorney for legal guidance on your unique situation. A lawyer is better suited to determine whether you should give HIPAA authorization and what information should be disclosed. They will also inform you on how this authorization will interact with other estate planning documents you may have.

Step 2: Identify yourself and the person or entity you are authorizing. Include your name, address, date of birth, and Social Security number.

Step 3: Specify the purpose and scope of the authorization and the name of the authorized person or entity. State why you are giving the authorization and what PHI you allow to be used or disclosed.

Step 4: Include an expiration date or event.

Step 5: Acknowledge your rights and responsibilities. These include:

  • The right to refuse to sign the authorization

  • The right to revoke the authorization at any time by notifying the person or entity in writing

  • The right to request an accounting of disclosures of your PHI

  • The responsibility to inform the entity of changes in your PHI

  • The responsibility to ensure that the entity complies with the terms and conditions

Step 6: Sign and date the authorization form.

Duncan Legal PC Can Help You

Estate planning attorneys at Duncan Legal, PC, have been serving Colorado residents for three decades. We have the experience and knowledge to help you with all your estate planning needs, including HIPAA authorizations.

Here’s how we can help you:

  • Clarify the legal terms and concepts related to the HIPAA privacy rule and its provisions

  • Advise you on the benefits and risks of creating a HIPAA authorization and how to weigh them according to your needs

  • Explain your protected health information to know what to authorize or restrict

  • Choose and communicate with the person or entity you authorize.

  • Revoke or modify the authorization if needed.

  • Draft a valid HIPAA authorization form that meets Colorado state laws.

Contact us to schedule your free consultation with an estate planning attorney in Centennial, CO.

Flat-fee options are available for wills, trusts and probate:

(303) 394-2358