Release of Patient Information
Authorization for Use and Disclosure of Protected Health Information
Due to changes in federal law, a revised release of information disclosure
form must be used for all requests for personal health information.
Directions: Please print
this form, fill it out completely and bring it to the Cox Health Information
Management Release of Information Desk at either Cox South or Cox North.
The office at Cox South is located inside the main entrance through the
lobby and down the first hall to the right (west), next to Cox South Administration.
At Cox North, the office is inside the Outpatient Entrance (Robberson
street access) down the hall to the right.
Background information: The federal government published the standards
for privacy of individually identified health information on December
28, 2000. These standards are also known as the HIPAA privacy rule. The
rule establishes standards for information disclosure - including what
constitutes a valid authorization. Below is an overview of this information
for future reference. As of April 14, 2003, each hospital will need to
comply with the new HIPAA rules.
The central HIPAA rule (Section 164.508) pertaining to the release of
health information states that a valid authorization for the release of
patient information must be in plain language and contain the following
- a specific and meaningful description of the information to be disclosed
- the name of the covered entity (hospital) or individual authorized
to make the disclosure
- the name of the covered entity or person to whom the hospital or individual
can make the disclosure
- an expiration date or event that relates to the individual or the
purpose of the use or disclosure
- a statement of the individual's right to revoke the authorization
- a statement about the exceptions to the right to revoke
- a description of how the individual may revoke the authorization
- a statement that information used or disclosed pursuant to the authorization
may be subject to re-disclosure by the recipient and no longer be protected
by the rule
- signature of the individual
- the date
- if the authorization is signed by a personal representative of the
individual, a description of such representative's authority to act
for the individual.
The authorization for release of information is not valid, according
to the privacy rule, if the authorization has any of the following defects:
- the expiration date or event has passed
- the authorization has not been filled out completely with respect
to the required content listed above
- the authorization is known by the covered entity to have been revoked
- the authorization is a prohibited type of compound authorization (must
not be combined with any other document or request)
- any material information in the authorization is known by the hospital
to be false.
Top of page
Health Information Management Department - Release of Information
Rights & Responsibilities
Notice of Privacy Statement
Release of Patient Information
for Use and Disclosure of Protected Health Information form