In the healthcare industry, the saying “not documented, not yet done” highlights the importance of keeping business agreements and medical records safe and secure. Understanding the main types of HIPAA forms can mean the difference between proper HIPAA compliance and a fine of $50,000. HIPAA has several documentation requirements. By creating and maintaining that documentation properly, an organization can ensure compliance with HIPAA, avoid violations, and focus more on other aspects of the business.

Main types of HIPAA Forms

These forms are required to be documented and maintained to ensure compliance with HIPAA. It is recommended that the templates of these forms be readily available in your HIPAA compliance manual.



Notice and receipt of privacy agreement form

This HIPAA form ensures that the patient has signed and acknowledged the privacy agreement and that the patient will receive a copy of the privacy agreement if they request it. The privacy agreement states how an organization complies with HIPAA to protect a patient’s information and explains that the patient has the right to request and access their medical records. An organization must keep this form to prove HIPAA compliance in the event of an audit.

Medical release HIPAA forms

An organization must complete this form before sharing medical information with anyone other than the patient, the patient’s legal representative, a health insurance company, a pharmacy, or the treating physician. To protect the patient’s confidentiality, this information can only be shared on a need-to-know basis.

A release of information form must be signed by the patient when an organization wants to:

  • Share Protected Health Information (PHI) with a university for educational or research purposes.
  • Disclose psychotherapy notes.
  • Transfer records to a physician who may leave an organization but continue to treat the patient.
  • Use the patient’s recovery story as a part of their marketing plan.

Depending on the circumstances, an organization may need to complete a few additional forms, even if the patient has given their consent to share their PHI.

Custodian Agreement Form

This form must be signed by a physician who leaves an organization and takes the patient’s information to another organization. The form states that responsibility for the use and storage of the patient’s medical record has been transferred from the covered entity to the organization concerned.

New Patient Authorization Form

This is a standard patient intake form for gathering basic information about a patient, which includes information about insurance, the patient’s communication preference, and the assignment of the benefits. By using this form, an organization can verify the patient’s insurance coverage and better assess the length of an appointment.

Health Plan Coverage and Payment Request Form

A health plan coverage form lets an organization build a record of a patient’s insurance eligibility and financial responsibilities. This form should include the organization’s policies for cases where the insurance carrier fails to provide coverage or a patient misses an appointment.

Many payments are now made online because it increases efficiency, decreases administrative workload, and saves time. It is important to use a HIPAA-compliant means of communication, meaning safe and secure platforms, to send payment request forms to patients so they can pay their bills.

Business Associate Agreement (BAA) Form

Any individual or entity outside your practice that transmits, receives, processes, or stores PHI must sign a written authorization and execute a business associate agreement. Covered entities must have a valid HIPAA BAA in place with each of their partners to ensure HIPAA compliance and to maintain the security of PHI.

A BAA is signed to ensure that an entity has agreed to its responsibilities for keeping PHI safe. It also confirms that the entity has systems in place that comply with HIPAA rules and regulations. Without a signed BAA, an organization is held responsible if PHI is mishandled and may face fines and corrective actions for violating HIPAA.

Let HIPAA Ready help you with HIPAA forms

In addition to the core HIPAA forms, there are several other forms that an organization may need to document and store to keep up with HIPAA compliance, because each organization’s requirements are different. An organization needs to maintain proper documentation or it may face heavy penalties after an official audit. This can be an administrative burden, as there are many forms and procedures involved in ensuring HIPAA compliance. That is why it is important for organizations to properly store, maintain, and be able to access these documents from a single centralized platform such as HIPAA Ready.

HIPAA Ready is HIPAA compliance software where you can store and retrieve all the relevant documents when required. By keeping the documents in one centralized space, an organization does not have to worry about losing important documents or finding them when under the pressure of an audit. Don’t get buried in HIPAA forms – let HIPAA Ready help you.