Loading...
compliance

PHI Authorization to Release Form

PHI Authorization to Release Form template for collecting a patient’s consent to share protected health information with a named recipient, for a defined purpose and time period.

Fill it now — Free Get Started
Customize with AI → Live preview →

Trusted by frontline teams 15 years of frontline software AI customization in seconds

Built for: Healthcare Providers · Medical Records Departments · Behavioral Health Clinics · Hospitals · Health Insurance Administration

Overview

This PHI Authorization to Release Form template is designed to document a patient’s permission to disclose protected health information to a specific recipient for a defined purpose and time period. It includes fields for patient information, recipient details, disclosure scope, purpose, duration, revocation acknowledgement, redisclosure acknowledgement, and signature.

Use this template when a patient wants records sent outside the treating organization, when a third party requests access, or when your workflow requires explicit authorization before sharing PHI. The structure supports clear field validation, progressive disclosure for optional details, and a cleaner audit trail than a free-form paper release request.

Do not use this form for routine treatment operations that do not require patient authorization, and do not broaden the disclosure scope beyond what is needed. If the request involves only a narrow set of records, keep the scope narrow and avoid collecting unnecessary PII. This template is also not a substitute for legal review when a request involves minors, guardianship, substance use records, or other special handling rules. The goal is to capture only the information needed to process the release, confirm consent, and make the authorization easy to review later.

Standards & compliance context

  • This template supports HIPAA-aligned minimum-necessary disclosure by encouraging a specific recipient, purpose, and scope rather than a broad open-ended release.
  • The form should follow data minimization principles by collecting only the patient and disclosure details needed to process the authorization.
  • If the form is public-facing or submitted online, it should meet WCAG 2.1 AA accessibility expectations, including clear labels, keyboard access, and readable validation messages.
  • Where applicable, the revocation and redisclosure acknowledgements help create a clearer audit trail for later review of the authorization.

General regulatory context for orientation only — verify current requirements with counsel or the relevant agency before relying on this template for compliance.

What's inside this template

Patient Information

This section identifies the patient so the release can be matched to the correct record without exposing unnecessary PII.

  • Patient Full Name (required)
  • Date of Birth
    Optional unless needed to distinguish records. Do not collect if not necessary.
  • Medical Record Number
    Optional internal identifier if your organization uses one.
  • Phone Number

Recipient and Disclosure Details

This section defines exactly who may receive the PHI and what information may be shared, which is the core of the authorization.

  • Recipient Name (required)
  • Recipient Organization
  • Relationship to Patient
  • Information to Be Released (required)
  • Describe Other Information

Purpose and Duration

This section limits why the disclosure is allowed and how long the authorization remains valid.

  • Purpose of Disclosure (required)
  • Authorization Start Date (required)
  • Authorization End Date
    Leave blank if the authorization expires on a specific event instead of a date.
  • Expiration Event
    Use this only if the authorization expires based on an event, such as completion of treatment or a specific claim decision.

Revocation and Consent

This section documents the patient’s consent, explains how it can be withdrawn, and captures the signature needed to make the release actionable.

  • I understand that I may revoke this authorization in writing at any time, except to the extent action has already been taken in reliance on it. (required)
  • I understand that information disclosed under this authorization may no longer be protected by HIPAA if received by a non-covered entity. (required)
  • I authorize the release of the PHI described above to the recipient listed on this form. (required)
  • Patient Signature (required)
  • Signature Date (required)

How to use this template

  1. 1. Enter the patient’s identifying details using the correct field types, such as a date picker for date of birth and a text field for the medical record number.
  2. 2. Specify the recipient by name and organization, then use the relationship field to clarify whether the recipient is a provider, family member, attorney, insurer, or other party.
  3. 3. Define the disclosure scope with the narrowest practical selection, and use the other information description field only when the requested PHI does not fit the preset options.
  4. 4. Set the purpose and duration by entering the reason for disclosure, the start and end dates, or the expiration event that will end the authorization.
  5. 5. Review the revocation and redisclosure acknowledgements with the patient, then capture the signature and signature date before releasing any information.
  6. 6. Store the signed form in your records workflow and route it to the staff member responsible for fulfilling the release request and maintaining the audit trail.

Best practices

  • Mark only the fields that are truly required, because forcing every field to be mandatory can delay legitimate release requests.
  • Use conditional logic to show the 'other information description' field only when the disclosure scope requires it.
  • Keep the disclosure scope narrow and specific, such as a date range or document type, instead of collecting a broad release by default.
  • Use clear consent language that explains what will be shared, with whom, and for how long the authorization remains valid.
  • Include a plain-language revocation step so patients know how to withdraw authorization and what cannot be undone after disclosure.
  • Validate dates with a date picker and avoid free-text date entry, which reduces errors in expiration handling.
  • Limit access to completed forms and related PHI to staff who need it to process the release request.

What this template typically catches

Issues teams running this template most often surface in practice:

The recipient is named too vaguely, which makes it unclear who may receive the PHI.
The disclosure scope is broader than necessary, such as requesting the full record when only one document type is needed.
The authorization end date or expiration event is missing, leaving the release period undefined.
The form collects extra PII that is not needed to process the request.
The revocation acknowledgement is omitted or written in legal language that patients may not understand.
The signature date is missing, which can make the authorization harder to validate later.
The 'other information description' field is used even when a predefined disclosure option would be clearer.

Common use cases

Primary care records sent to a specialist
A primary care office uses this form when a patient wants labs, visit notes, or imaging reports sent to a specialist before a referral appointment. The recipient and scope fields keep the release limited to what the specialist actually needs.
Behavioral health release to an outside clinician
A behavioral health clinic uses this template to document consent before sharing selected records with another treating clinician. The duration and revocation fields are especially important when the patient wants time-limited coordination of care.
Hospital release to an attorney or insurer
A hospital records team uses the form when a patient authorizes disclosure to a legal representative or insurance carrier. The template helps staff confirm the exact recipient, purpose, and scope before sending any PHI.
Family access for a named caregiver
A patient may authorize release of specific information to a family member or caregiver who is helping manage appointments or follow-up care. The relationship field and consent acknowledgement make the authorization easier to review and file.

Frequently asked questions

What does this PHI Authorization to Release Form cover?

This template captures the patient’s identifying details, the recipient of the information, what PHI may be disclosed, why it is being shared, and when the authorization ends. It also includes revocation and redisclosure acknowledgements so the consent terms are explicit. Use it when a patient must authorize release of records or a specific subset of PHI to a third party.

When should I use this form instead of a general intake form?

Use this form when the request is about sharing protected health information outside the treating organization, not for routine care intake. It is appropriate for requests to send records to another provider, an attorney, an insurer, a family member, or another named recipient. Do not use it as a substitute for treatment consent, payment authorization, or a general medical history form.

Who should complete and sign this form?

The patient should complete and sign it, or a legally authorized personal representative should sign when applicable. Staff can help explain the fields, but the authorization itself should reflect the patient’s intent and the exact disclosure requested. If a representative signs, the form should capture the relationship and any authority to act on the patient’s behalf.

How specific does the disclosure scope need to be?

As specific as possible. The form should identify whether the release is for a full record, a date range, a particular condition, or a defined document set, rather than collecting broad, open-ended permission. Narrow scope supports data minimization and reduces the chance of disclosing more PHI than necessary.

What are common mistakes when using this template?

Common mistakes include leaving the recipient vague, using free-text where a controlled field would be clearer, and omitting an end date or expiration event. Another frequent issue is failing to explain revocation, which leaves patients unsure how to withdraw consent later. A final pitfall is collecting more PHI than needed for the stated purpose.

Does this form need a revocation acknowledgement?

Yes, it should. The patient should be told how to revoke the authorization, what happens after revocation, and that prior disclosures may not be reversible. That acknowledgement helps set expectations and creates a clearer audit trail for the release process.

How should I customize this template for different use cases?

Use conditional logic to show only the fields needed for the release type, such as adding an 'other information description' field only when the disclosure scope is not predefined. You can also tailor the recipient options, expiration rules, and signature workflow to match your clinic, hospital, or records department. Keep required fields limited to what is necessary to process the request.

Can this form be used with electronic records workflows or integrations?

Yes. It can be paired with e-signature, document storage, and EHR or records-management workflows so the signed authorization is retained with an audit trail. If you integrate it, make sure the final signed version is stored securely and that access is limited to staff who need it to process the release.

Related templates

Inspections

Active Shooter Run Hide Fight Drill Evaluation

Use this Active Shooter Run Hide Fight Drill Evaluation template to document how staff announce t...
Sop

Code Blue Activation

Code Blue Activation SOP template for cardiopulmonary arrest response, from arrest confirmation t...
Hr Policy

Anti-Harassment & Anti-Discrimination Policy

Anti-Harassment & Anti-Discrimination Policy template for defining prohibited conduct, reporting ...
Workspace

HIPAA Risk Assessment Workspace

HIPAA Risk Assessment Workspace template for planning scope, inventorying ePHI assets, scoring ri...
Epms

Annual Performance Review - CNA

Annual Performance Review - CNA is a Certified Nursing Assistant review template for evaluating p...

Ready to use this template?

Get started with MangoApps and use PHI Authorization to Release Form with your team — pricing built for small business.

Get Started Customize with AI
Ask AI Product Advisor

Hi! I'm the MangoApps Product Advisor. I can help you with:

  • Understanding our 40+ workplace apps
  • Finding the right solution for your needs
  • Answering questions about pricing and features
  • Pointing you to free tools you can try right now

What would you like to know?

AI-generated responses may not be 100% accurate