This checklist is intended to be used when an authorization is received to release protected health information (PHI). The PHI requested may only be released if all the elements contained in this checklist are included.
[ ] A specific and meaningful description of the PHI to be used or disclosed, meaning enough description to define what is being requested.
[ ] The name of the person, class of persons, or organization requested to make the disclosure of PHI, e.g., the name of the practice.
[ ] The name or other identification of the person, class of persons, or organization to whom the covered entity, e.g., the practice, is disclosing the protected health information.
[ ] A description of the purpose of the use or disclosure of PHI. If the patient has requested the disclosure, indicate “at the request of the patient.”
[ ] An expiration date or an expiration event of the authorization that relates to the purpose of the use or disclosure.
[ ] A statement that the patient has a right to revoke the authorization including how the patient may revoke the authorization.
[ ] A statement that treatment, payment, enrollment, or eligibility for benefits cannot be conditioned on the authorization.
[ ] The potential that the patient’s PHI may be re-disclosed by the recipient and will no longer be protected by the federal privacy regulations.
[ ] The individual’s (or personal representative’s) signature and the date of signature.
[ ] If the authorization is executed by a personal representative, a description of that person’s authority to act for the individual.
[ ] If the authorization is for the purpose of using PHI for marketing and the covered entity will receive direct or indirect payment, the patient must be informed of this information.