casemark/hipaa-release
skills/legal/hipaa-release/SKILL.md
Drafts a HIPAA Release Authorization form compliant with 45 CFR § 164.508 for authorizing disclosure of protected health information. Use when drafting HIPAA authorizations, PHI release forms, medical records releases, or healthcare privacy waivers alongside healthcare powers of attorney or advance directives.
$ install --global
skillsauthnpx skillsauth add casemark/skills hipaa-releaseInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 4, 2026, 3:39 AM17.7s1 file scanned
SKILL.md
- name:
- hipaa-release
- description:
- Drafts a HIPAA Release Authorization form compliant with 45 CFR § 164.508 for authorizing disclosure of protected health information. Use when drafting HIPAA authorizations, PHI release forms, medical records releases, or healthcare privacy waivers alongside healthcare powers of attorney or advance directives.
HIPAA Release Authorization
Drafts a 45 CFR § 164.508-compliant authorization for disclosure of protected health information, typically executed alongside healthcare powers of attorney or advance directives. Output is a single execution-ready form with all client-specific fields marked in [BRACKETS].
Prerequisites
Gather before drafting:
- Patient info — full legal name, DOB, address
- Healthcare agent(s) — names and relationships (primary + successor)
- Cross-reference document — Healthcare POA or Advance Directive
- Jurisdiction — state witness/notary rules, sensitive-category consent requirements
- Scope instructions — whether to include mental health, substance abuse, HIV/AIDS, genetic info
Form Sections
Generate all sections in order:
| # | Section | Key Content |
|---|---------|-------------|
| 1 | Title | "Authorization for Release of Protected Health Information Pursuant to HIPAA" |
| 2 | Patient Identification | Full legal name, DOB, address; statement: "I authorize the use and disclosure of my PHI as described in this authorization." |
| 3 | Authorized Recipients | Each agent by name and role: [Agent Name], designated as my Healthcare Agent; include successors |
| 4 | Disclosing Parties | Broad: "Any health plan, physician, healthcare professional, hospital, clinic, laboratory, pharmacy, medical facility, or other covered entity that has provided payment, treatment, or services to me or possesses my PHI." |
| 5 | Scope of Information | Default comprehensive: complete medical record, mental health, substance abuse treatment, HIV/AIDS, genetic info. Flag state carve-outs needing separate consent. |
| 6 | Purpose | "To enable my designated healthcare agent(s) to make informed healthcare decisions on my behalf, communicate with my providers, and access all information necessary to execute their duties under my Healthcare POA or Advance Directive." |
| 7 | Duration & Expiration | Effective immediately; remains until written revocation or death. State whether authorization survives incapacity. |
| 8 | Revocation Rights | Required § 164.508 statements — see checklist below |
| 9 | Additional Statements | Right to refuse; treatment not conditioned on signing; right to copy |
| 10 | Execution Block | Patient signature, printed name, date; personal representative block (name, signature, relationship, authority); witness/notary lines per state law |
§ 164.508 Compliance Checklist
Every authorization must include all six statements:
- [ ] Right to revoke in writing at any time
- [ ] Revocation does not affect actions taken in reliance before receipt
- [ ] Disclosed information may be re-disclosed and no longer federally protected
- [ ] Right to refuse to sign
- [ ] Treatment/payment not conditioned on authorization (unless exception applies)
- [ ] Right to receive a copy of the signed authorization
Sensitive Category Carve-Outs
Some categories require separate consent beyond the general HIPAA authorization:
| Category | Federal Rule | State Variation | |----------|-------------|-----------------| | Mental health / psychotherapy notes | Separate authorization required (§ 164.508(a)(2)) | Many states add restrictions | | Substance abuse treatment | 42 CFR Part 2 requires separate consent | Stricter re-disclosure rules | | HIV/AIDS | No federal carve-out beyond HIPAA | ~35 states require specific consent | | Genetic information | GINA covers employment/insurance | State genetic privacy laws vary |
Flag applicable state rules and draft supplemental consent language where needed.
Drafting Rules
- All placeholders use
[BRACKETS]with descriptive labels - Cross-reference named agents against the client's Healthcare POA
- Plain language with legal precision; use numbered/lettered sections
- Include personal representative authority documentation fields (court appointment, POA)
- Footer: "This is a legal document. Review by qualified legal counsel is recommended before execution."
- Do not include regulatory explanations in the form — keep it execution-ready
- If jurisdiction known, tailor witness/notary and sensitive-info requirements; if unknown, include optional blocks with guidance notes
Related Skills
casemark/skills/legal/automated-contract-summary
development
VerifiedTrustedCommunity
name: automated-contract-summary language: en description: Generates structured executive summaries of contracts using ML — captures key terms, party obligations, risk allocations, and compliance requirements in a standardized format. Optimized for high-volume review where speed and consistency matter. tags: - summarization - agreement - corporate --- # Automated Contract Summarization Produces standardized executive summaries of contracts using machine learning, capturing essential term
21SKILL.mdUpdated May 26, 2026
casemark/obligation-mapping
tools
VerifiedTrustedCommunity
Extracts regulatory obligations from dense regulations across jurisdictions. Breaks down multi-level regulations into clear article-level obligations, classifies applicability to a business, and prioritizes by risk level. Use when translating regulations into actionable compliance requirements.
21SKILL.mdUpdated May 25, 2026
casemark/horizon-scanning
development
VerifiedTrustedCommunity
Continuously monitors regulatory landscapes for changes relevant to a specific business. Ingests global regulatory updates, filters by relevance, summarizes impact, and produces an actionable change advisory. Use when tracking regulatory developments affecting a particular product or market.
21SKILL.mdUpdated May 25, 2026
casemark/gap-analysis
testing
VerifiedTrustedCommunity
Compares an organization's existing compliance controls, policies, and procedures against extracted regulatory obligations to identify coverage gaps. Produces a remediation plan with prioritized actions. Use when assessing compliance maturity or preparing for regulatory audits.
21SKILL.mdUpdated May 25, 2026