How to Revoke Consent With HIPAA | Legal Beagle

How to Revoke Consent With HIPAA

Proper Attire While Working As a Dermatologist
Oct 13, 2010
3 minute read

Anyone who has been to a healthcare provider's office for the first time is usually given a copy of a HIPAA form. This form outlines the healthcare provider’s HIPAA policy and asks for the patient’s consent to share private health information, when medically necessary. When patients sign this form, they are giving the healthcare provider permission to use their personal healthcare information in certain situations. However, if the patient ever changes their mind, they have the absolute right to revoke the HIPAA agreement.

What Is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. This Act included authorization for the Department of Health and Human Services to set national standards for the security of electronic healthcare transactions and to protect personally identifiable information.

In 2000, the Department of Health and Human Services put forward the Privacy Rule. This Rule sets the national standards to protect your uniquely identifiable health information. The rule was limited to health plans, healthcare clearing houses and most importantly, healthcare providers. This set the stage for the adoption of internal HIPAA confidentiality agreements. These internal HIPAA confidentiality agreements are in place to protect a person’s private health information.

Read More: HIPAA Release of Information Laws

Typically, a patient gives consent at the beginning of the relationship with their healthcare provider. The healthcare provider should explain the nature of the consent they are providing and that they have the ability to limit who can have access to their information and for how long the healthcare provider can have access. A patient must receive a copy of the healthcare provider's HIPAA Privacy Policy and it must outline the procedures by which a patient can revoke consent.

At any point during a patient’s relationship with their healthcare provider and, especially if the patient discontinues their relationship with their healthcare provider, they absolutely have the right to revoke consent. However, they must revoke consent in writing. Many healthcare organizations have forms through which a patient is able to revoke consent.

In instances where a patient is dealing with a major healthcare organization, they should either call the healthcare organization or go to the provider's website for instructions on how to revoke HIPAA consent. Typically, a patient will be able to download a form, complete the form and send it to the proper department in order for their revocation to go into effect. It's a good idea for the patient to follow up a few days later to ensure that their revocation was received and is in full effect.

Advertisement

However, a patient can also revoke consent through a simple letter revoking all consent given when they first signed the form. It would be helpful for the patient to have a copy of the healthcare provider’s HIPAA policy form and a copy of the consent they originally provided. Their letter should be tailored to cover all of the areas of consent they originally gave to the healthcare provider. The patient should be sure to either give the form directly to the appropriate person at the healthcare provider's office or mail it by certified mail, so that you will have proof that you did indeed revoke consent.

The patient should then wait a few days to a week to follow up with the healthcare provider’s office to ensure the letter was received and that the revocation is in full effect. The patient should be sure to note the name of the person they spoke to, as well as the date and time, in case any problems or issues arise in the future.

If you revoke authorization and the provider continues to share your information, the law requires that the provider correct the consequences of this disclosure within a month or face prosecution, according to the UC Davis Health System.

Tips

If you revoke authorization and the provider continues to share your information, the law requires that the provider correct the consequences of this disclosure within a month or face prosecution, according to the UC Davis Health System.

According to the University of Kentucky, hospitals must give you a HIPAA Privacy Policy Notice when you receive care. Sometimes, this form may outline the procedure that you can take to revoke HIPAA authorization.

Sponsored
Legal Beagle Logo

Legal Beagle is a keen, astute resource for legal explanations. Take control, understand your rights, and become a legal beagle.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.