Objective: Under the The Health Insurance Portability and Accountability Act Privacy Rule, researchers are required to obtain written authorization from patients to gain access to protected health information. The purpose of this research was to examine how the characteristics of authorization forms used by hospitals affect the likelihood of consent.
Method: This work reports on a recent telephone survey (administered January to August 2004) of previously hospitalized patients from 16 Massachusetts hospitals. Respondents were asked to provide authorization for review of their medical records. Those respondents who agreed over the phone to be mailed authorization forms were sent a copy of their hospital's form and were asked to sign and return it. Measured characteristics of the forms included number of pages, number of fields, distinctness of institution's name, whether a witness was required, and requirement of Social Security Number (SSN).
Results: We received 1021 signed forms (50.3% of all sent forms). The likelihood of return was affected by the requirement of the SSN, the clarity of the hospital name, and providing an extra copy for respondents’ records. In logistic regression analysis, besides age and gender, only the SSN and clarity of the hospital name identification were significant.
Conclusion: Forms should be clear about the institution from which they come, easy to understand, and should not ask for SSN or other highly sensitive information unrelated to health care.