Updated on May 26th, 2023
HIPAA forms are documents for health practitioners to safeguard patient health information (PHI) from being shared or released without their consent.
The collection of forms is meant to set security protocols for health care providers, business associates, and employees when accessing and using medical records.
By Type (12)
- Amendment Request Form
- Breach Notification Form
- Business Associate Agreement (BAA)
- Child Consent Form
- Employee Confidentiality Agreement – non-disclosure (NDA)
- Notice of Privacy Practices Form
- Patient Access Request Form
- Patient Complaint Form
- Release Form – authorization, consent, waiver, (include links to all 50 state versions), dental, pharmacy,
- Request for Restriction Form
- Risk Assessment Form
- Subcontractor Agreement
What is HIPAA?
The Health Insurance Portability and Accounting Act of 1996 (located in 45 CFR Part 160, Part 162, and Part 164) are rules made to establish protocols for:
- Informing patients. Let patients know about their privacy rights and how their PHI may be used and disclosed (45 CFR § 164.520).
- Obtaining consent. To get consent to use and disclose their PHI for purposes other than treatment, payment, or health care operations (45 CFR § 164.508).
- Employee confidentiality. Ensuring that employees adhere to PHI’s confidential and private use (45 CFR § 164.502(a)).
- 3rd party access. Requiring 3rd parties to adhere to HIPAA policies when accessing providers’ PHI (45 CFR § 164.504(e)).
- Managing risk. For an organization to make a risk assessment and determine potential weak points in its processes (45 CFR 164.308(a)(1)(ii)(A)).
- Reporting breaches. To report breaches to the U.S. Dept. of Health and Human Services if unauthorized data is leaked or accessed (45 CFR §§ 164.400 to 164.414).
- Receiving complaints. To handle complaints or alleged violations of their privacy rights (45 CFR § 160.306).
Common Terms (Glossary)