What are the main types of HIPAA compliance forms?

In the medical industry, the maxim “not documented, not done” highlights the importance of keeping accurate medical records. As you can imagine, HIPAA has a number of requirements regarding documentation. Always keep HIPAA-compliant forms pertinent to your practice on hand to use with your patients.

Receipt of privacy agreement form

This form documents that the patient acknowledges receiving a copy of your privacy agreement, which states how you comply with HIPAA to protect patient information. A privacy agreement also explains that a patient has the right to request and receive their medical records.

HIPAA medical release form

You’ll need to complete this form when sharing medical information with someone other than the

  • Patient
  • Patient’s legal representative
  • Treating physician
  • Health insurance company
  • Pharmacy


Remember that this information can only be shared on a need-to-know basis to protect the patient’s confidentiality.

You’ll also need a signed release form from the patient when

  • Sharing PHI with a university for research or educational purposes
  • Sharing records with the patient’s attorney for a personal injury lawsuit
  • Transferring records to a departing physician who will continue attending the patient
  • Using a patient’s personal recovery story as part of a marketing campaign

While the patient must give their consent to share their protected health information, you may need additional forms depending on the circumstances.

Records custodian agreement

A records custodian agreement is the form that a departing physician signs when taking patient records to a new practice. It transfers the responsibility for the storage and use of medical records from the covered entity to the departing provider.

Patient intake form

Patient intake forms gather the basic information that you need to know about new patients. Well-designed electronic patient intake forms can significantly enhance the patient’s experience. They also streamline the intake process.

Patients appreciate being able to easily and securely fill out the encrypted form at home or on their smartphone before their appointment. Plus, your practice benefits by having all of the patient’s information before their next appointment.

By using a patient intake form, you’ll be able to

  • Understand the reason for their visit
  • Verify their insurance
  • Review and update office notes
  • Better assess appointment length

Medication and prescription refill forms

These electronic “prescription pads” make it easy to send prescriptions to the pharmacy. Electronic prescription forms put an end to deciphering messy handwriting, photocopying, filing paper scripts, waiting on hold for the pharmacist, and asking sick patients to wait at the pharmacy. They speed up the process so prescriptions are ready when the patient arrives.

Additional benefits of this form are updating existing prescriptions electronically and having a permanent copy of the form in the patient’s electronic file.

Payment request form

Over half of bills are now paid online. If you’re only accepting traditional payment methods or mailing out monthly bills, you could be contributing to nonpayment and increased overhead. After all, time and postage aren’t free.

By sending payment request forms to patients through HIPAA-compliant email, you make it easier for patients to pay their bills. You also reduce your administrative workload. Using these forms in conjunction with common payment processors, like PayPal, Stripe, or Square, makes for a powerful combination.

Business associate agreement

The business associate agreement is a written agreement between you and an individual or entity outside your practice. A business associate could include any software and cloud services that are receiving, transmitting, processing, or storing protected health information. If you use a number of third-party apps that integrate with your software, each app must sign a business associate agreement.

When an entity signs a BAA, they acknowledge their responsibility to keep PHI safe. They also confirm that they have systems in place to comply with HIPAA regulations. Without a signed BAA form, your practice is responsible for any mishandling of PHI that happens on the third party’s watch.

As you’ve seen, there are HIPAA-compliant forms for all areas of your business. Now that you know a little about each one, let’s take a closer look at the form that starts your HIPAA responsibility.

This article is originally published on Jan 29, 2019, and updated on Oct 05, 2021.

Send Comment:

Jotform Avatar
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Comment:

Podo CommentBe the first to comment.