In the U.S., specific laws govern the way an individual’s medical information is handled and shared. The Health Insurance Portability and Accountability Act (HIPAA) is designed to protect the privacy of patients. A HIPAA consent form is a document that a patient signs to confirm that he has received a Notice of Privacy Practices statement from the health practitioner’s office as required by law. It should clearly indicate how the facility uses or shares personal information about patients. The practitioner’s office generally provides this to patients, and requires a signed copy before any treatment can commence.
The purpose of the HIPAA consent form is to provide the healthcare facility with permission to release information about the patient as appropriate. It may include disclosing data to insurance companies for the purpose of collecting payment. It can also send treatment plans or diagnostic results to other healthcare providers.
Sometimes a patient may wish to transfer his or her medical records to another facility. It is against the law for a healthcare institution to send that information without a signed HIPAA consent form. If the patient is a minor, a parent or legal guardian can sign the paperwork on behalf of the child.
A signed copy of the HIPAA consent form should be included in every medical file. All healthcare professionals — including psychologist, psychiatrist and dental offices — are usually bound by this law. Compliance with the regulation means that every patient must receive a written statement of how the office handles personal information about the patient.
A HIPAA consent form usually includes a place to indicate who, if anyone, has permission to speak with the medical staff on the patient’s behalf. Unless authorized on the signed paperwork, doctors, nurses, or even the receptionist is not permitted to do so. For example, a friend or family member may call a doctor's office to inquire about a patient's appointment time or test result. The office staff would not be able to answer, unless that individual was authorized on the patient's signed HIPAA consent form.
Non-compliance with the HIPAA law can result in serious financial consequences for the healthcare practitioner. If a medical office fails to obtain a HIPAA consent form for even one patient, it can be fined $100 US Dollars (USD). In some cases, multiple violations result in fines up to $25,000 USD.