Skip Navigation


Can an Authorization be used together with other written instructions from the intended recipient of the information?

Can an individual revoke his or her Authorization?

Does the HIPAA Privacy Rule permit doctors, nurses, and other health care providers to share patient health information for treatment purposes without the patient’s authorization?

Does the HIPAA Privacy Rule prohibit researchers from conditioning participation in a clinical trial on an authorization to use/disclose existing protected health information?

Does the Privacy Rule permit a covered entity to use or disclose protected health information pursuant to an Authorization form that was prepared by a third party?

Does the Privacy Rule require that an Authorization be notarized or include a witness signature?

Is a copy, facsimile, or electronically transmitted version of a signed Authorization valid under the Privacy Rule?

May a covered entity disclose protected health information specified in an Authorization, even if that information was created after the Authorization was signed?

May a covered entity use or disclose a patient’s entire medical record based on the patient’s signed Authorization?

May a valid Authorization list categories of persons who may use or disclose protected health information, without naming specific individuals or entities?

Must an Authorization include an expiration date?

What is the difference between “consent” and “authorization” under the HIPAA Privacy Rule?

When is an authorization required from the patient before a provider or health plan engages in marketing to that individual?