Healthcare · U.S. Department of Health & Human Services
Fill HIPAA authorization forms programmatically from intake data.
Patients complete one digital intake; SimplyFill renders the HIPAA authorization for release of protected health information — patient, recipient, purpose, and expiration all populated — as a flattened PDF ready for signature.
What is HIPAA Authorization?
A HIPAA authorization is the form a patient signs to permit a covered entity to use or disclose specific protected health information (PHI) to a named recipient for a stated purpose, with an expiration date and revocation rights.
Who files it?
Healthcare providers, clinics, labs, and digital-health platforms generate one whenever a patient must authorize release of records — at intake, referral, or records request.
Why filling HIPAA Authorization by hand hurts
Most practices keep a HIPAA authorization as a static PDF and hand-type the patient name, the receiving party, the information to be disclosed, the purpose, and the expiration on every single request. It is repetitive, error-prone, and a wrong recipient or missing expiration can invalidate the authorization.
Fill HIPAA Authorization in one call
Render a HIPAA authorization from intake data
const res = await fetch('https://api.simplyfill.app/v1/generate', {
method: 'POST',
headers: {
Authorization: `Bearer ${process.env.SIMPLYFILL_API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
template: 'hipaa_authorization_v1',
data: {
patient_full_name: 'Ada Lovelace',
patient_dob: '1990-04-12',
disclose_to_name: 'Babbage Cardiology Associates',
information_to_disclose: 'Cardiology records, 2024–2026',
purpose_of_disclosure: 'Continuity of care / referral',
authorization_expiration: '2027-06-07',
},
}),
})
const { url } = await res.json()Fields on HIPAA Authorization
Real form fields are named for the PDF spec, not for humans — so a single value can hide behind something like topmostSubform[0].Page1[0].f1_02[0]. SimplyFill lets you map your own readable keys to these once, then forget they exist.
| Raw PDF field name | What it means |
|---|---|
| patient_full_name | Patient full name |
| patient_dob | Patient date of birth |
| disclose_to_name | Person/organization authorized to receive PHI |
| information_to_disclose | Description of information to be disclosed |
| purpose_of_disclosure | Purpose of the disclosure |
| authorization_expiration | Expiration date or event |
Frequently asked questions
Is SimplyFill HIPAA-compliant?
SimplyFill is the document-generation layer. For PHI workloads we offer a Business Associate Agreement on eligible plans; you remain the covered entity and control what data you send. Review your plan and DPA before sending PHI.
Can the patient still sign after the form is filled?
Yes — pre-fill the identifying and disclosure fields and leave the signature and date for the patient. Hand the generated PDF to your e-sign provider or capture a wet signature.
Can I generate a whole intake packet at once?
Yes. Use the bulk endpoint to render the HIPAA authorization alongside registration, consent, and insurance forms in a single envelope from one intake payload.
Does the form enforce an expiration?
A valid HIPAA authorization requires an expiration date or event. SimplyFill renders whatever you send; build the requirement into your intake so the field is always populated before generation.
Stop hand-filling HIPAA Authorization.
Start with a 14-day free trial. Define the template once, then fill HIPAA Authorization from your data with a single API call.