HIPAA Authorization for Release of Plaintiff's Medical Information

Summary

This template is executed by a plaintiff in employment litigation to authorize the plaintiff's health care provider to disclose the plaintiff's protected health information (PHI) to an attorney for the defendant employer pursuant to the Health Insurance Portability and Accountability Act (HIPAA). The template contains practical guidance and drafting notes. HIPAA strictly limits how, and for what purposes, covered entities, including health providers, can use or disclose PHI. PHI refers generally to health information collected, created, or handled by a covered entity that can be linked to an individual. Unless the statute specifically permits a use or disclosure of PHI, the covered entity may only proceed after receiving the affected individual's authorization to do so, obtained in accordance with 45 C.F.R. § 164.508(c). The employer's attorney should prepare this template before furnishing it to the plaintiff for his or her signature. For a full listing of key content covering HIPAA considerations, see HIPAA Resource Kit. For a full listing of related data security & privacy content for first-year associates, see First-Year Associate Resource Kit: Data Security and Privacy. For a full listing of data security content that applies to federal government agencies, see Data Security & Privacy for Government Agencies Resource Kit. For guidance on using a HIPAA authorization to obtain a plaintiff employee's release of his or her medical information in an employment discrimination litigation, see the subsection called Obtaining Mental Health / Medical Records in Compensatory Damages in Employment Discrimination Cases. For more information on HIPAA generally, see HIPAA Resource Kit.