In today’s world of cyber attacks and hacks, we have a lot of personal information to protect. While most of us think of our social security number or banking information when we think about sensitive information that we need to protect, there’s another category that you might overlook: your healthcare information.

A privacy law is in place that helps keep healthcare organizations from sharing your personal health information. The HIPAA Privacy Rule is designed to keep patient data safe and to control how it is used, shared and stored.

To access, use or share patient information, healthcare organizations and other entities must ask patients to sign an authorization form. While HIPAA is designed to protect you and your sensitive information, this doesn’t necessarily mean that you should sign any HIPAA form you’re presented with.

If you’ve been asked to sign a HIPAA form and are wondering whether you should, keep reading. We’re breaking down what you need to know about the HIPAA privacy rule, what it should include and how to decide whether or not to sign it.

What is HIPAA?

HIPAA stands for Health Insurance Portability and Accountability Act. This federal law, also known as Public Law 104-191, was signed into effect on August 21, 1996, by then-President Bill Clinton. It was designed to provide data privacy and to help protect individuals’ medical information. This law overrides any state laws regarding the protection of medical information if they are less stringent than HIPAA.

Under HIPAA, patients retain the right to protect their health information. They can obtain a copy of their health records, request corrections and control who can transmit copies of their health records. The HIPAA Privacy Rule requires healthcare professionals to safeguard the privacy of any health information they work with. This means that they can’t share health information without patient permission and must store and send information in a secure manner.

Why Do You Have to Sign a HIPAA Privacy Form?

Under HIPAA, healthcare professionals can’t share patient information without permission. To get this permission, many entities will use a HIPAA Form or HIPAA Authorization Form. This form is an agreement between the patient and an organization that falls under the HIPAA rule.

The HIPAA rules outline when authorization needs to be obtained to use or disclose patient health information, or PHI. When authorization is required, the healthcare organization or other entity will ask that you sign a HIPAA Form. You’ll usually be asked to sign a privacy form when:

  • A healthcare organization wants to use or disclose PHI
  • A healthcare organization wants to use or disclose your PHI for marketing purposes. Authorization for marketing purposes is not required when communication occurs face-to-face between the healthcare organization and the patient or when a promotional gift of nominal value is offered. However, in other circumstances, an authorization form is required.

What Information Must a HIPAA Authorization Contain to be Valid?

Healthcare organizations cannot simply throw together a HIPAA Authorization Form with their choice of information. Instead, the form must include some specific information for it to be valid.

Elements that a HIPAA Authorization Form must include are:

  • The name of the patient in question
  • The name of any other individuals who can use or share the patient’s healthcare information. This might include a spouse or other family member or a designated caretaker.
  • A list of the specific personal health information that’ll be used or shared. When it comes to healthcare information, this may be a more general statement because patients will usually share all pertinent medical information and their medical history.
  • A description of why the information is being requested or how it will be used
  • A date or specific event that must occur, at which point the authorization form will expire. At this time, the private health information included in the authorization form can no longer be shared or used. 

The final thing that a HIPAA Authorization Form needs is the patient’s signature and the date that the form was signed.

What Required Statements Must the HIPAA Authorization Form Contain?

The information outlined above includes any questions that a patient or healthcare organization needs to answer to make a HIPAA Authorization Form valid. But there are also a few statements that the HIPAA Form must include. These statements are designed to ensure patients understand their rights in signing the form.

Some statements that a HIPAA Authorization Form must include are:

  • The patient has the right to revoke their authorization in writing.
  • There are exceptions regarding when authorization can be revoked. If the healthcare organization has taken action in reliance on the authorization, the patient can’t revoke the authorization in writing.
  • The information included in the authorization form can be subject to HIPAA redisclosure by the patient. In this case, the HIPAA Privacy Rule will no longer protect it.
  • The healthcare organization or other covered entity can’t issue treatment, request payment, revoke enrollment or determine the eligibility for benefits based on whether or not the patient signs the authorization form. 
  • There are a couple of exceptions to this that must be outlined as well. The first is that a healthcare provider can choose to only allow research-related treatment if the patient signs the form. The other is that a health plan can make a patient’s enrollment in a health plan provisional, based on whether they will sign the form.

Besides including the above statements, there are a few other things that healthcare organizations or other covered entities must do. They are required to make sure that the information in the HIPAA Form is written in plain language. They must also provide the patient with a copy of their signed HIPAA Authorization Form.

When You Might Be Asked to Sign a HIPAA Form

Because the HIPAA Privacy Rule covers any exchange or use of personal health information, there are a variety of situations when you might be asked to sign a HIPAA Form. Some common times when you’ll likely be asked to sign a HIPAA Form are when you visit a new doctor, clinic or another health office. This includes when seeking treatment for necessary medical care, as well as for elective medical care, such as cosmetic procedures.

If you were to participate in a clinical trial for research purposes, you’d likely be asked to sign a HIPAA Form. When working with a new health insurance provider, you’ll also need to sign a form. 

There are some less common instances when you might be presented with a HIPAA Form. For instance, a healthcare organization might ask to use you in marketing. They may ask to feature a written testimonial from you on their website or even a video of you for a commercial promoting their treatments. In either case, they’ll likely ask that you sign a form, even if the marketing won’t disclose any specific patient information.

If you’re suffering from a rare or unique medical condition, your doctor may ask you to sign a HIPAA Form so that they can share your information with researchers working on treatments or cures.

Finally, if your previous HIPAA Form has expired, you’ve chosen to revoke it or information on it is found to be inaccurate, you will likely be asked to sign a new form.

What to Consider When Asked to Sign a HIPAA Form

As with any agreement, it’s important to ensure you fully understand what you’re signing before you do so. This holds true for a HIPAA Authorization Form, too.

Before signing a HIPAA Form, make sure to read it in full. Even if you think you are simply sharing your medical information with a new doctor, it’s a good idea to read the form to find out where they can share or use your information.

How to Electronically Sign a HIPAA Form

Having to go back and forth to a doctor’s office or other healthcare location to sign a HIPAA Form can be a hassle. It could even cause a delay in your treatment because you may be limited in when you can get to the office to sign. This is especially true if you’re working with doctors or other healthcare professionals outside of your immediate area.

Using an electronic signing service can help with this. But signing a HIPAA Form electronically can be tricky as well. Because you are sharing personal, sensitive health information, it’s important to ensure you’re using a protected online document signing service.

jSign understands the strict HIPAA requirements that healthcare professionals are subject to. Our electronic signing service allows you to safely send, sign and receive HIPAA authorization forms. Our electronic signing service meets all HIPAA compliance and security standards, so patients and healthcare providers can rest assured that they are protected.

Signing a HIPAA Authorization Form

Should you sign a HIPAA authorization form? In most cases, the answer is yes.

HIPAA is designed to protect patients’ sensitive health information. Following all HIPAA rules can help to protect healthcare professionals from legal trouble and allow them to better serve their patients. For patients, these forms can give you peace of mind that your personal information is being protected.

As long as you can verify that a HIPAA form is authentic and coming from a source that you trust, you should sign a HIPAA form. Doing so will help you protect your sensitive information and give you control over who it can be shared with if you are undergoing a procedure, seeking medical care, joining a research project and more.

Whether you’re a patient who needs to quickly sign a HIPAA Form or a healthcare professional looking for a safer way to send a form, jSign can help. If you’re ready to get signing, click here to learn more about how to use jSign.

Kamran Shafii
Manager, SEO Content
