Open main menu
Back to main menu Close main menu

Do you need access to your medical records?

Authorization for Use and Disclosure of Protected Health Information

Due to changes in federal law, a revised release of information disclosure form must be used for all requests for personal health information.

Please print this form, fill it out completely and take it to your physician clinic or our Medical Release of Information Office.

Background: The federal government published the standards for privacy of individually identified health information on December 28, 2000. These standards are also known as the HIPAA privacy rule. The rule establishes standards for information disclosure - including what constitutes a valid authorization. Below is an overview of this information for future reference. As of April 14, 2003, each hospital will need to comply with the new HIPAA rules.

The central HIPAA rule (Section 164.508) pertaining to the release of health information states that a valid authorization for the release of patient information must be in plain language and contain the following elements:

  • A specific and meaningful description of the information to be disclosed
  • The name of the covered entity (hospital) or individual authorized to make the disclosure
  • The name of the covered entity or person to whom the hospital or individual can make the disclosure
  • An expiration date or event that relates to the individual or the purpose of the use or disclosure
  • A statement of the individual's right to revoke the authorization in writing
  • A statement about the exceptions to the right to revoke
  • A description of how the individual may revoke the authorization
  • A statement that information used or disclosed pursuant to the authorization may be subject to re-disclosure by the recipient and no longer be protected by the rule
  • Signature of the individual
  • The date
  • If the authorization is signed by a personal representative of the individual, a description of such representative's authority to act for the individual

The authorization for release of information is not valid, according to the privacy rule, if the authorization has any of the following defects:

  • The expiration date or event has passed
  • The authorization has not been filled out completely with respect to the required content listed above
  • The authorization is known by the covered entity to have been revoked
  • The authorization is a prohibited type of compound authorization (must not be combined with any other document or request)
  • Any material information in the authorization is known by the hospital to be false

Health Information Exchange

Most people have had more than one provider, insurance plan or network in their lives. This means you might have medical records that are stored in two or more different systems. Health Information Exchanges (HIE) make it possible for providers to securely access their patients' medical information from different locations. It's important for your provider to have your complete health care record. This helps them make the best decisions about your treatment and medication.

CoxHealth is currently part of a statewide exchange and we may also partner with exchanges outside of Missouri. Patients can choose to opt in to allow us to access and share your information through the exchange. Opting in will give your provider faster access to information like lab results, medications, surgeries, allergies and other history that's important to your care. You will not be opted in without your consent, and you can opt out at any time. 

HIEs are secure and protected by the federal government. Information is only released to health care providers and it's not used for insurance or billing. You may receive a consent form at your next hospital visit. Please talk to your doctor if you have questions or concerns about consenting to this service.