Book a demo Log in / Sign up

Authorization To Disclose Information Template for the United States

Generate a bespoke document

  • England and Wales
  • Scotland
  • Northern Ireland
  • Ireland
  • United States
  • Alabama (USA)
  • Alaska (USA)
  • Arizona (USA)
  • Arkansas (USA)
  • California (USA)
  • Colorado (USA)
  • Connecticut (USA)
  • Delaware (USA)
  • Florida (USA)
  • Georgia (USA)
  • Hawaii (USA)
  • Idaho (USA)
  • Illinois (USA)
  • Indiana (USA)
  • Iowa (USA)
  • Kansas (USA)
  • Kentucky (USA)
  • Louisiana (USA)
  • Maine (USA)
  • Maryland (USA)
  • Massachusetts (USA)
  • Michigan (USA)
  • Minnesota (USA)
  • Mississippi (USA)
  • Missouri (USA)
  • Montana (USA)
  • Nebraska (USA)
  • Nevada (USA)
  • New Hampshire (USA)
  • New Jersey (USA)
  • New Mexico (USA)
  • New York (USA)
  • North Carolina (USA)
  • North Dakota (USA)
  • Ohio (USA)
  • Oklahoma (USA)
  • Oregon (USA)
  • Pennsylvania (USA)
  • Rhode Island (USA)
  • South Carolina (USA)
  • South Dakota (USA)
  • Tennessee (USA)
  • Texas (USA)
  • Utah (USA)
  • Vermont (USA)
  • Virginia (USA)
  • Washington (USA)
  • West Virginia (USA)
  • Wisconsin (USA)
  • Wyoming (USA)
  • Austria
  • Denmark
  • France
  • Germany
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Australia
  • New Zealand
  • Singapore
  • Hong Kong
  • India
  • Malaysia
  • Pakistan
  • United Arab Emirates
  • Qatar
  • Saudi Arabia
  • South Africa
  • Nigeria
  • Canada
  • Brasil
  • Monaco
  • Bermuda
  • Cayman Islands
  • Gibraltar
  • Isle of Man
  • Mauritius

What is a Authorization To Disclose Information?

The Authorization To Disclose Information document serves as a critical tool for maintaining privacy compliance while enabling necessary information sharing. This document is essential when confidential information needs to be shared between parties in the United States, whether for medical, educational, financial, or other purposes. It ensures compliance with federal regulations such as HIPAA, FERPA, and GLBA, while providing clear documentation of consent and protecting the rights of all parties involved. The authorization typically includes specific details about the information to be shared, temporal limitations, and the purpose of disclosure.

Frequently Asked Questions

Is an Authorization to Disclose Information legally binding in the United States?

Yes, an Authorization to Disclose Information is legally binding in the United States when properly executed. It creates a legal permission for the authorized party to share protected information while ensuring compliance with federal privacy laws like HIPAA, FERPA, and GLBA. Both the person giving authorization and the receiving party are legally bound by the terms specified in the document.

Can someone share my protected information without an Authorization to Disclose Information form?

No, sharing protected information without proper authorization violates federal privacy laws in most cases. Under HIPAA, FERPA, and GLBA, covered entities cannot disclose protected health information, educational records, or financial data without written consent. Exceptions exist only for specific circumstances like emergencies, court orders, or legally mandated reporting requirements.

How specific must the information description be in a disclosure authorization under US law?

Federal law requires very specific descriptions of the information being disclosed. You must identify the exact type of records (medical diagnoses, test results, financial statements), the time period covered, and the purpose of disclosure. Vague language like "all records" or "any information" may invalidate the authorization under HIPAA and other privacy regulations.

How is Authorization to Disclose Information different from a medical records release form?

A medical records release form is actually a specific type of Authorization to Disclose Information that focuses solely on healthcare information under HIPAA. Authorization to Disclose Information is broader and can cover educational records under FERPA, financial information under GLBA, or any other protected data. The medical release form has more stringent HIPAA-specific requirements for content and format.

How long does it take to prepare an Authorization to Disclose Information document?

Creating a basic Authorization to Disclose Information typically takes 15-30 minutes using a template. However, gathering all required details like specific record types, recipient information, and expiration dates may take longer. Complex authorizations involving multiple parties or specialized information types can take several hours to properly draft and review.

Can I revoke an Authorization to Disclose Information after signing it in the US?

Yes, you generally have the right to revoke an authorization at any time under federal privacy laws, though some exceptions apply. The revocation must be in writing and submitted to the entity holding your records. However, you cannot revoke disclosures already made, and some authorizations cannot be revoked if the disclosure was required to obtain insurance or for treatment purposes.

Why do Authorization to Disclose Information forms get rejected by institutions?

Common rejection reasons include missing required elements like specific information types, unclear recipient details, lack of expiration date, or improper signatures. Many forms fail because they don't meet jurisdiction-specific requirements under HIPAA, FERPA, or GLBA, use overly broad language, or contain outdated formatting that doesn't comply with current federal privacy regulations.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

LinkedIn

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

LinkedIn

Jurisdiction

United States

Reviewed by

Swetha Meenal & Imad Mohammed Nazar

Publisher

GenieAI

Category

Release of Information Form

Sector

Business

Cost

Free to use

Last updated

About the Authorization To Disclose Information

An Authorization To Disclose Information is a fundamental legal document that grants permission for the release of confidential or protected information to specified parties. In the United States, this document serves as your primary tool for ensuring compliance with various federal and state privacy laws while facilitating necessary information sharing between organizations, healthcare providers, educational institutions, and other entities.

When do you need this document?

You'll need this authorization whenever protected information must be shared beyond its original custodian. Healthcare providers require it before releasing medical records to insurance companies, specialists, or family members under HIPAA regulations. Educational institutions need signed authorizations before sharing student records with employers, other schools, or third parties as mandated by FERPA. Financial institutions use these authorizations when sharing account information with accountants, attorneys, or other financial service providers under GLBA requirements. Employment contexts often require authorizations for background checks, reference verifications, or sharing personnel information with benefits administrators.

Key legal considerations

The authorization must clearly identify the specific information being disclosed, avoiding broad or general language that could lead to unauthorized sharing. You should specify the exact purpose for the disclosure and include explicit expiration dates or conditions that terminate the authorization. The document must identify all parties involved: the information holder, the authorized recipient, and the individual whose information is being shared. Consider including limitations on further disclosure to prevent the recipient from sharing information with additional parties without separate authorization. Revocation rights should be clearly stated, allowing the authorizing party to withdraw consent at any time. The authorization should specify whether the information can be used for marketing purposes or other secondary uses beyond the stated primary purpose.

Legal requirements in United States

Under HIPAA, healthcare-related authorizations must include specific elements such as a description of the protected health information, identification of authorized recipients, expiration dates, and the individual's right to revoke consent. FERPA requires educational institutions to obtain written consent before releasing directory information or education records, with exceptions for school officials and emergency situations. The Gramm-Leach-Bliley Act mandates that financial institutions provide clear privacy notices and obtain opt-in consent for certain information sharing practices. State laws may impose additional requirements, such as California's Consumer Privacy Act, which grants consumers specific rights regarding their personal information. Federal agencies must comply with the Privacy Act of 1974 when disclosing information from their systems of records. The Fair Credit Reporting Act requires specific authorizations for accessing consumer credit reports for employment or tenant screening purposes.

GOVERNING LAW

Applicable law

This Authorization To Disclose Information is drafted to comply with United States law. Key legislation includes:

HIPAA: Health Insurance Portability and Accountability Act - Federal law governing the protection and disclosure of medical information and health records

FERPA: Family Educational Rights and Privacy Act - Federal law protecting the privacy of student education records

GLBA: Gramm-Leach-Bliley Act - Federal law requiring financial institutions to explain their information-sharing practices and protect sensitive data

Privacy Act of 1974: Federal law establishing a code of fair information practices governing the collection, maintenance, use, and dissemination of information maintained by federal agencies

FCRA: Fair Credit Reporting Act - Federal law regulating the collection, dissemination, and use of consumer credit information

CCPA: California Consumer Privacy Act - State law providing California residents with rights regarding their personal information and imposing obligations on businesses collecting it

42 CFR Part 2: Federal regulations governing confidentiality of substance use disorder patient records

Required Authorization Elements: Essential components including: specific information to be disclosed, authorized parties, purpose, expiration date, revocation rights, re-disclosure notice, and signature requirements

State Privacy Laws: Various state-specific privacy laws that may impose additional requirements on information disclosure and protection

Professional Confidentiality Requirements: Specific confidentiality obligations related to professional relationships such as attorney-client privilege and doctor-patient confidentiality

Explore 208,390+ legal templates

Explore 208,390+ legal templates

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it