Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

Does HIPAA allow verbal consent?

Does HIPAA allow verbal consent?

Yes, HIPAA does allow verbal consent in specific situations. While the general rule mandates written authorization for the use and disclosure of protected health information (PHI), exceptions exist. Verbal consent is permitted for inclusion in a hospital directory, notifications to family or friends involved in a patient's care, and research studies with minimal risk approved by an Institutional Review Board (IRB). 


Understanding HIPAA consent requirements 

HIPAA emphasizes written authorization to ensure clarity and protect patient privacy. This written consent is a formal agreement outlining the details of PHI use or disclosure that extends beyond routine treatment, payment, or healthcare operations (TPO). Despite this general requirement, exceptions exist, shedding light on scenarios where verbal consent is acceptable.


When verbal consent is permitted

  1. Inclusion in a hospital directory: When a patient is admitted to a hospital, they can give their consent to have their name, general condition, and location included in a directory that is accessible to the public. This directory can be valuable for family and friends who want to stay informed about the patient's hospital stay. The patient can provide their consent verbally or in writing.
  2. Notifications to family or friends: When patients cannot communicate their preferences, healthcare providers may use their professional judgment to share limited information. Verbal consent helps swiftly communicate details about a patient's condition and location to their caregivers.
  3. Research with minimal risk: HIPAA regulations generally mandate written authorization for the use of PHI in research. However, certain research studies characterized by minimal risk to participants may receive approval from an IRB to waive the requirement for written consent. Verbal consent, when obtained and documented appropriately, becomes a viable alternative in these research protocols.

Documentation of verbal consent

When a patient provides verbal consent, healthcare providers must document all the details accurately. This includes recording the date and time of consent, the name of the person who provided consent, and the specific details of the consent. Proper documentation of a patient's right to object is beneficial for HIPAA compliance and future reference.


Best practices for HIPAA compliant consent practices

  • Prioritize written authorization: Choosing written consent ensures a legally recognized record of patients' agreement, offering heightened privacy protection.
  • Meticulously document verbal consent: Thoroughly document verbal consent by recording the date, time, consent giver, specifics of the consent, and patient's right to object.
  • Acknowledge limitations of verbal consent: Understand the challenges associated with verbal consent, such as difficulties in verifying details and the potential for misunderstandings.
  • Adhere to HIPAA requirements: Emphasize strict adherence to HIPAA consent requirements, maintaining a secure and transparent healthcare environment.
  • Encourage stakeholder participation: Foster a commitment from healthcare providers and patients to maintain patient-centric practices and upholding privacy standards.


Is verbal consent allowed for sharing PHI with third-party service providers, such as billing companies?

No, sharing PHI with third-party service providers typically requires written authorization under HIPAA, even for healthcare operations. Verbal consent is not considered sufficient in this context.


Can a patient object to verbal consent after it has been provided?

Yes, patients have the right to object to verbal consent at any time. Healthcare providers must respect this objection, and the objection should be documented for future reference.


Can verbal consent be obtained over the phone for healthcare-related activities?

Yes, verbal consent can be obtained over the phone. However, healthcare providers should take extra precautions to verify the patient's identity and ensure the privacy of the conversation. 


Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.