Many patient record release forms do not follow the strict guidelines required for HIPAA compliance. Dentists using these forms face the risk of an alleged privacy breach. A HIPAA compliant patient record release form should contain the following elements:
• A specific description of the information and records to be disclosed
• The name of the individual or practice that may disclose the information
• The name of the individual who may receive the records
• The purpose of the disclosure or the statement, “at the request of the individual” An expiration date for the authorization
• The patient’s signature or the signature of his/ her representative
– all representatives on behalf of the patient must indicate their authority
• The date that the authorization was signed
The HIPAA compliant form should also include the following statements:
• “I, the undersigned, understand that I have the right to revoke this authorization. I understand the revocation must be in writing and bear my signature. My revocation must be submitted to the above healthcare provider. I understand that if I do revoke this authorization, my revocation will not affect any prior actions taken in reliance on this authorization.”
• “I understand that if the person or entity that receives the described records/information is not subject to federal privacy regulations or other laws, the records/ information may be re-disclosed and no longer protected by those regulations.”
• “I understand that the healthcare provider may not condition treatment, payment, enrollment, or eligibility for benefits on whether I sign this authorization. I may refuse to sign this authorization.”
Author(s)
