HealthConsent
Privacy Threats Privacy Guide Privacy Checklist
Data Breach Response
Give your affected members privacy protection and regain trust
For Healthcare Providers
Patient privacy protection and HIPAA compliance tools
For Employers
An employee benefit that protects their personal health information
For Digital Health Apps
FTC compliance and user privacy management solutions
Breaches live Pricing About
Sign In Protect My Data
Privacy Threats Privacy Guide Privacy Checklist Breaches live Data Breach Response For Providers For Employers For Digital Health Pricing About
Sign In Protect My Data
← Back to Terms of Service

Exhibit A — Limited Authorization to Act (Privacy Requests Only)

Last updated: January 2026


1) Consumer (Individual)

Legal name: ________________________________

Date of birth: ____ / ____ / ______

Current address: ______________________________________________

Previous addresses (optional): ___________________________________________________


2) Authorized Agent

Agent name (company/person): ________________________________

Agent contact person (if company): ___________________________

Agent address: ______________________________________________

Agent email: __________________________ Agent phone: __________________


3) Scope — What I’m Authorizing

I authorize the Authorized Agent to submit and manage privacy rights requests on my behalf only for the purposes stated in the accompanying HealthConsent™ Privacy Request Document(s) (each a “Request”).

This limited authorization includes submitting requests to providers, pharmacies, PBMs, insurers/health plans, labs, health information exchanges (HIEs), interoperability networks, data brokers, and other entities that maintain or process my health data.


4) What the Agent May Do

For the limited purpose above, the Authorized Agent may:

  1. Submit, transmit, and sign Requests on my behalf, including by mail, fax, secure portal upload, or email.
  2. Communicate with privacy/compliance offices to confirm receipt, resolve identity-matching questions, and complete required verification steps.
  3. Receive status updates and confirmations related to the Requests (including acceptance/denial letters and completion attestations).
  4. Provide the recipient proof of authorization (this document) and verification evidence I have provided/approved for use with the Request.
  5. Escalate/resubmit within the recipient’s process (e.g., correcting missing identifiers, requesting written rationale for denial, requesting supervisory review).

5) What the Agent May NOT Do (Important)

Unless I separately authorize it in writing (e.g., a specific “right of access” request or release form), the Authorized Agent:

  • May not request or receive copies of my medical records/PHI as a standalone records request.
  • May not be treated as the recipient of my medical record disclosures except to the minimal extent the recipient believes is reasonably necessary to process, verify, and complete the privacy Request (for example, confirming a preference/flag was applied).

6) Permission for Recipients to Communicate With the Agent

Select one:

  • ☑ Yes — You may communicate directly with my Authorized Agent about the Requests and their completion.
  • ☐ No — Communicate only with me (you may copy the agent only if I explicitly request it).

7) Stored Signature + Auto-Completed Requests (Explicit Consent)

I understand and agree that:

  • I may sign once, and my signature may be stored and re-used by HealthConsent (the Authorized Agent) to auto-complete and execute future HealthConsent-generated PDF Privacy Request Documents on my behalf.
  • Each such PDF may include a Request ID, a generation date, and other metadata, and will be transmitted by the Authorized Agent as my electronic agent at my express direction.
  • I intend my stored signature to be treated as my signature on each Request created and sent under this authorization, unless and until I revoke this authorization.

Electronic signature validity: I agree that my electronic signature and this electronic record may be used and relied upon where permitted by law (including ESIGN and UETA).


8) Term, Expiration, and Revocation

Effective date: ____ / ____ / ______

Expiration (choose one):

  • ☐ Expires on: ____ / ____ / ______
  • ☐ Expires 12 months from signature date
  • ☑ Expires 24 months from signature date and automatically renews for additional 24-month periods unless I revoke.

Revocation: I may revoke this authorization at any time by written notice to the Authorized Agent. Revocation will not affect actions already taken in reliance on this authorization.


9) Signature

By signing, I confirm I am the consumer identified above (or the lawful personal representative), and I grant the limited authorization described in this document.

Consumer signature: _______________________________ Date: ____ / ____ / ______

Printed name: _____________________________________

If personal representative (optional):

Name: __________________ Relationship: ______________

Authority (attach or describe): ________________________

Signature: ____________________________ Date: ____ / ____ / ______


This document is Exhibit A to the HealthConsent Terms of Service.

Stay informed about your privacy rights

Get the latest updates on health data privacy laws, tips for protecting your information, and important security alerts.

HealthConsent

Empowering individuals to regain control of their private health information through automated privacy protection and direct action.

Features

  • Health Data Broker Removal
  • HIPAA Privacy Controls
  • Provider Privacy Restrictions
  • Network Opt-Out Requests
  • State Privacy Protections
  • Auto-Generated Legal Forms
  • Real-Time Tracking
  • Personal Dashboard

Resources

  • Pricing
  • FAQ
  • Health Data Privacy Threats
  • Health Data Privacy Guide
  • Health Data Privacy Checklist
  • Know Your HIPAA Rights
  • CMIA vs HIPAA
  • State vs Federal Privacy Laws
  • Submit Health Privacy Requests
  • State-by-State Health Privacy
  • HIE Opt-Out Hub
  • Stop Health Data Sharing
  • Health Privacy Laws
  • Real Health Privacy Breaches
  • Recent Healthcare Breach Tracker
  • Privacy Blog & Insights
  • Health Privacy Law History
  • Health Privacy Resource Library

Business

  • Data Breach Response
  • For Employers
  • For Providers & Payers
  • For Digital Health

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Disclaimer

Recent healthcare breaches

All breaches →
  • May 1 · 695 affected Capitol Pain Institute
  • May 1 · 2,523 affected Cunningham Prosthetic Care LLC
  • May 1 · 113,330 affected Western Orthopaedics, P.C.
  • Apr 30 · 65,000 affected City Health, a medical corporation
  • Apr 30 · 58,000 affected Exclusive Physicians PLLC
is designed, built and backed by Sharpless 🏄 in sunny Newport Beach, California
© 2026 Healthnode Inc. All rights reserved.

Trademark & Non-Affiliation Notice: HealthConsent is not affiliated with, endorsed by, sponsored by, or partnered with any organization shown. Trademarks/logos belong to their respective owners and are used for identification only.