A HIPAA authorization needs to be written in plain language and contain specific and meaningful information that will be used or disclosed.


The Health Insurance Portability and Accountability Act (HIPAA) was designed to protect the personal information that is used in the health care and health insurance industries from theft and fraud. A HIPAA authorization form is a document one signs to allow the disclosure and sharing of his or her protected health information (PHI) in accordance with the HIPAA privacy rule.

This information is generally used by health care providers and for treatment, payment, or other operations related to health care. Disclosing someone’s PHI without his or her consent can attract a hefty fine or even criminal charges.

A HIPAA authorization form needs to be written in plain and easy to understand language and contain a specific and meaningful description information that will be disclosed. It should also list the name of the person whose data will be disclosed and the name of the person or organization who will use this information.

The purpose of this disclosure must also be included, along with the expiration date for it, but these can be vague and indefinite. Finally, the document must be dated and signed by the person authorizing this disclosure or his or her representative.

In addition to listing the above information, a HIPAA authorization must inform the signing individual of his or her right to revoke the authorization, and whether any limitations apply to this right. It must also inform the signing person of whether the authorization is necessary to receive treatment, payment, enrollment, or eligibility for benefits. If it is, then the consequences of a refusal to sign the authorization must be explained.