Kaiser HIPAA Authorization Form: Access or Share Your Medical Records



Kevin Henry

HIPAA

June 20, 2025

6 minutes read

Purpose of HIPAA Authorization

The Kaiser HIPAA Authorization Form—often titled Authorization for Release of Health Information—is the patient consent form you use to permit Kaiser Permanente to disclose your Protected Health Information (PHI) to a person, organization, or app, or to send it directly to you. You control what is shared, with whom, and for what purpose when a disclosure is not otherwise allowed for treatment, payment, or health care operations.

This authorization supports federal privacy law compliance by documenting your permission for medical records disclosure. You can tailor it to a one-time release or an ongoing share for a limited period, helping you coordinate care, manage insurance appeals, or provide records for legal, school, or personal needs.

Who can sign

You, the patient, sign the authorization. A personal representative (such as a parent/guardian, health care agent, or someone with a valid power of attorney) may sign when permitted, but must provide documentation showing authority. Additional state rules may apply for minors or certain sensitive records.

What a valid authorization includes

  • A clear description of the information to be disclosed (type of records and date range).
  • The name of the person or entity authorized to receive the information.
  • The purpose of the disclosure (for example, coordination of care or insurance review).
  • An expiration date or event that ends the permission.
  • Your signature and date, plus required notices about your right to revoke and the potential for redisclosure.

Types of Health Information Covered, Including Sensitive Information

Your PHI can include a wide range of records created or held by Kaiser Permanente. You can narrow or broaden the scope so only what you need is released, strengthening sensitive health data protection.

Common categories you may authorize

  • Visit summaries, clinician notes (excluding psychotherapy notes), lab results, imaging, and test reports.
  • Medication lists, allergies, immunizations, and care plans.
  • Surgical reports, hospital records, and emergency department notes.
  • Billing, claims, and insurance information relevant to your request.

Sensitive information that often requires specific permission

Many forms provide checkboxes for categories that require explicit consent. If you want them released, you typically must opt in:

  • HIV/AIDS or sexually transmitted infection information.
  • Reproductive or sexual health information.
  • Genetic testing results.
  • Mental and behavioral health treatment records (psychotherapy notes are treated separately and usually require a dedicated authorization).
  • Substance use disorder treatment information (which may be subject to additional federal protections).

If you do not check these items (when presented), they are generally excluded from the disclosure. You can also limit by department, provider, or service dates.

Duration and Validity Period

The authorization remains effective until the expiration date or event you specify. You choose a calendar date or a practical event (for example, the end of your treatment episode or the completion of an insurance appeal). One-time disclosures end after records are released; ongoing disclosures continue only until the date or event you designate.

Choosing an appropriate timeframe

  • Use the shortest period that still meets your need to reduce exposure.
  • If timing is uncertain, select a clear event-based expiration rather than leaving the form open-ended.
  • Limit the records by date range to avoid unnecessary sharing.

Revoking Authorization

You may revoke your authorization at any time by sending a written request to Kaiser Permanente’s Medical Records/Release of Information Unit. Include your full name, date of birth, medical record or member number (if available), the original authorization’s date, and a statement that you are revoking it. Sign and date your revocation and keep a copy for your records.

Revocation stops future disclosures under that authorization. It does not undo disclosures already made while the authorization was valid.

Risks of Redisclosure

Once Kaiser Permanente discloses your information to a recipient that is not covered by HIPAA, that information may no longer be protected by HIPAA and could be redisclosed by the recipient. Certain categories—such as some substance use disorder treatment records—can have additional federal restrictions, but most recipients control their own privacy practices.

Ways to reduce redisclosure risk

  • Authorize only the minimum necessary records and use a short validity period.
  • Send records to trusted recipients and ask how they protect, store, and delete your data.
  • Choose secure delivery options (for example, secure portal, encrypted email, or direct transmission to another provider).
  • Avoid open-ended permissions and keep copies of all forms you sign.

How to Obtain and Submit the Form

Get the form

You can obtain the Kaiser HIPAA Authorization Form through your secure member portal or by requesting it from your facility’s Medical Records or Release of Information Unit. If you prefer, ask Member Services to direct you to the correct location for your region.

Complete the form accurately

  • Provide patient identifiers (name, date of birth, contact details, and member or medical record number if requested).
  • Name the person or organization authorized to receive your records.
  • State the purpose of the medical records disclosure.
  • Describe the records and specify the date range.
  • Indicate whether sensitive categories should be included by checking the appropriate boxes.
  • Select a delivery method (for example, secure portal, encrypted email, mail, fax to a provider, or pickup).
  • Enter an expiration date or event, then sign and date the form.

Submit and track your request

Submit the completed form to the Release of Information Unit using the options provided for your region—such as secure upload, in person, by mail, or by fax. You may be asked for government-issued ID, and personal representatives must include documents proving their authority. Allow processing time; urgent clinical needs are typically prioritized.

Fees and formats

A reasonable, cost-based fee may apply for copies, media, or mailing as permitted by law. Records may be provided electronically (download or encrypted email), by fax to another provider, or as paper copies, depending on your selection and availability.

Summary

The Kaiser HIPAA Authorization Form lets you direct specific, time-limited sharing of your PHI while maintaining control over what is released and to whom. By defining scope, including or excluding sensitive data, setting a clear expiration, and using secure delivery, you balance access needs with strong privacy protection and federal privacy law compliance.

FAQs

What is the Kaiser HIPAA Authorization Form used for?

It authorizes Kaiser Permanente to disclose your Protected Health Information to a person, entity, or app you name—or to send it to you—for purposes such as care coordination, insurance matters, legal needs, or personal record-keeping.

How long is the authorization valid?

The authorization is valid until the date or event you specify on the form. You control the timeframe, whether for a one-time release or a limited period tied to a specific need.

Can I revoke the authorization after signing?

Yes. You can revoke it at any time by sending a signed, written revocation to Kaiser Permanente’s Release of Information Unit. Revocation stops future disclosures but cannot undo information already released.

What types of sensitive information can I include in the form?

With explicit consent, you can authorize release of categories such as HIV/AIDS or STI information, reproductive or sexual health information, genetic test results, mental or behavioral health treatment records (not psychotherapy notes), and substance use disorder treatment information, subject to additional protections where applicable.
