Question: I’ve noticed that our patient forms pertaining to the Health Insurance Portability and Accountability Act (HIPAA) say they last for one year from the date signed. Can this be adjusted to make less paperwork for our front desk staff? Montana Subscriber Answer: The Office for Civil Rights (OCR) says the HIPAA Privacy Rule notes that all authorization forms need to have an expiration date. The expiration date helps the authorizer understand when or to whom or why information might be disclosed. OCR says: “An Authorization remains valid until its expiration date or event, unless effectively revoked in writing by the individual before that date or event. The fact that the expiration date on an Authorization may exceed a time period established by State law does not invalidate the Authorization under the Privacy Rule, but a more restrictive State law would control how long the Authorization is effective.” Solution: The authorization date can be an event, like when the patient terminates their enrollment in a health plan, instead of a timeline, unless your state has specific requirements that are stricter than the OCR’s.