Patient Record Release Authorization Elements

Many patient record release forms do not follow the strict guidelines required for HIPAA compliance. Dentists using these forms face the risk of an alleged privacy breach. A HIPAA compliant patient record release form should contain the following elements:
• A specific description of the information and records to be disclose
• The name of the individual or practice that may disclose the information
• The name of the individual who may receive the records
• The purpose of the disclosure or the statement, “at the request of the individual”An expiration date for the authorization
• The patient’s signature or the signature of his/ her representative
– all representatives on behalf of the patient must indicate their authority
• The date that the authorization was signed
The HIPAA compliant form should also include the following statements:
• “I, the undersigned, understand that I have the right to revoke this authorization. I understand the revocation must be in writing and bear my signature. My revocation must be submitted to the above healthcare provider. I understand that if I do revoke this authorization, my revocation will not affect any prior actions taken in reliance on this authorization.”
• “I understand that if the person or entity that receives the described records/information is not subject to federal privacy regulations or other laws, the records/ information may be re-disclosed and no longer protected by those regulations.”
• “I understand that the healthcare provider may not condition treatment, payment, enrollment or eligibility for benefits on whether I sign this authorization. I may refuse to sign this authorization.”