Authorization for Release of Protected Health Information
The HIPAA privacy rule became effective April 14, 2003, and established standards for information disclosure including what constitutes a valid authorization. HIPAA applies to covered entities, defined by the rule to include health plans, healthcare clearinghouses, and healthcare providers that transmit specific information electronically.
Section 164.508 of the final privacy rule states that covered entities may not disclose protected health information (PHI) without a valid authorization, except as otherwise permitted or required in the privacy rule.
Click here to access the: HIPAA Authorization Form.