List of Forms and Contact Details Required to Request Medical Records in California (PI Lawyers' Checklist)

Table of contents

Get Blog Updates for In-Depth Resource Knowledge

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Most personal injury attorneys spend months chasing medical records through manual processes, when these documents are legally required to arrive within 15 days under California law. This comprehensive checklist provides the specific authorization forms, healthcare system contacts, fee schedules, and strategic procedures California PI lawyers need to retrieve complete medical records efficiently—plus how platforms like Codes Health reduce turnaround from months to 10-12 days through AI-powered error prevention and automated provider follow-ups.

Key Takeaways

California's 15-day legal requirement mandates faster response than federal HIPAA, but manual processes still average weeks to months
Dual compliance with both federal HIPAA and California CMIA creates unique authorization requirements
California law caps paper copies at $0.25 per page and allows reasonable clerical costs
Major healthcare systems (Kaiser Permanente, Dignity Health, Sutter Health) each have specific contact procedures that expedite processing
Incomplete authorizations are the #1 cause of denied requests, restarting your entire timeline
Codes Health's platform delivers organized records in 10-12 days with proactive error checking that prevents the authorization deficiencies causing provider rejections
Same-day competitor pulls are not complete and require client involvement; Codes Health delivers complete records in 10–12 days.
General chat AIs can’t reliably analyze medical records; Codes Health’s medical-grade AI provides high-precision insights for litigation.
Flat fee—predictable costs from the retrieval service.

1. Understanding California's Dual Protection Framework: HIPAA and CMIA Requirements

California operates under two overlapping legal frameworks that create both stronger patient protections and more complex compliance requirements for PI lawyers requesting medical records.

The federal baseline: The HIPAA Privacy Rule permits healthcare providers to disclose protected health information to third parties, including attorneys, when patients provide valid written authorization. HIPAA's 30-day timeline applies to patient Right of Access requests (45 CFR § 164.524). In New York, patients must be given an opportunity to inspect within 10 days, and copies must be furnished within a reasonable time under PHL §18.

Attorney-authorized disclosures under 45 CFR § 164.508 are governed by state timelines; in California, providers must respond within 15 days of receiving valid authorization and payment.

California's enhanced protections: The Confidentiality of Medical Information Act (CMIA) under California Civil Code § 56.10 et seq. provides greater privacy protections than federal HIPAA in several critical areas. When state and federal law conflict, the more restrictive California law applies.

The 15-day California advantage: Section 123110 of the California Health and Safety Code requires healthcare providers to make medical records available within 15 days of receiving a written request—half the federal HIPAA timeline. This aggressive deadline applies from the moment providers receive both your written authorization and prepayment (if required by the provider’s policy).

The reality check: Despite this legal requirement, traditional manual retrieval methods still result in delays extending weeks to months due to incomplete authorizations, provider processing backlogs, and inadequate follow-up systems. This is where Codes Health becomes transformative—their AI-powered platform proactively catches authorization errors before submission, maintains daily provider follow-ups automatically, and provides real-time tracking that keeps requests on California's legal timeline.

Key statutory framework:

HSC § 123110 (15-day response requirement)
Civil Code § 56.11 (CMIA authorization requirements)
45 CFR § 164.508 (federal HIPAA authorization standards)

2. Required Authorization Forms: HIPAA vs. California CMIA Compliance

Every medical records request requires properly executed authorization, but California's dual framework demands forms that satisfy both federal and state requirements simultaneously.

Standard HIPAA Authorization Form Requirements

A compliant HIPAA authorization must include specific core elements:

Description of information to be disclosed (specific enough to be meaningful)
Persons authorized to make the disclosure (provider name and address)
Persons to whom disclosure will be made (your law firm information)
Expiration date or event (cannot be indefinite)
Patient signature and date (wet signature traditionally required, though electronic now accepted)
Right to revoke authorization statement
Statement about re-disclosure risk once information is released

California CMIA Additional Requirements

Section 56.11 of the California Civil Code adds California-specific elements beyond federal HIPAA:

Specific and meaningful description of purposes for disclosure (more detailed than HIPAA)
Statement of patient's right to receive copy of authorization
Expiration date or event must be clearly specified (no open-ended authorizations)
Separate authorization for highly sensitive records (mental health, HIV/AIDS, genetic testing)
Minor consent provisions for patients 12+ controlling certain record types

Differences Between Federal and California Medical Release Forms

CMIA is more restrictive than HIPAA in several critical areas. According to health law experts, "The most common mistake attorneys make is using authorization forms that don't specifically address California's CMIA requirements."

Key differences:

Purpose description: CMIA requires more specific explanation of why records are needed
Patient rights notice: California mandates explicit statement about patient's right to copy
Sensitive information: California requires separate, specific authorization language for mental health, substance abuse, HIV/AIDS, and genetic testing
Minors: California grants minors age 12+ control over records related to mental health treatment, substance abuse treatment, reproductive health services, and sexual assault treatment

Best practice: Use authorization forms that explicitly state compliance with both HIPAA and California CMIA requirements. Many California healthcare providers maintain their own preferred forms—using these provider-specific templates typically expedites processing.

Common rejection reason: Incomplete authorizations are the #1 cause of denied requests. Missing patient signatures, unclear expiration dates, or unchecked boxes for sensitive records will restart your 15-day clock. Codes Health's AI review system catches these errors before submission—automatically flagging misspellings, missing dates of service, and signature issues that would otherwise cause provider rejections.

3. Major California Healthcare Systems: Complete Contact Directory and Submission Procedures

California's largest healthcare systems process thousands of medical records requests monthly, and each maintains distinct procedures that can either accelerate or derail your retrieval timeline.

Kaiser Permanente

Kaiser operates California's largest integrated healthcare system with centralized processing by region.

Contact Information:

Northern California: Regional medical records departments (facility-specific contact)
Southern California: Regional medical records departments (facility-specific contact)
Website: Kaiser Medical Records
Processing Time: 15 days standard per California law

Submission Methods: Online patient portal, written request with authorization to facility-specific medical records department, fax to facility HIM department.

Attorney-specific notes: Kaiser requires signed HIPAA/CMIA-compliant authorization with valid photo ID. Identify the specific facility where treatment occurred, as Kaiser's regional structure requires targeted requests rather than system-wide submissions.

Dignity Health (CommonSpirit Health)

Dignity Health operates hospitals throughout California with facility-specific medical records departments.

Central Information:

Contact Method: Individual facility medical records departments
Website: Dignity Health Records
Request Method: Written request with authorization to facility-specific medical records department
Processing Time: 15 days per California law
Fees: California standard fee schedule

Key California facilities: Dignity Health operates major hospitals including California Hospital Medical Center (Los Angeles), Mercy General Hospital (Sacramento), and Dominican Hospital (Santa Cruz)—each requiring separate contact.

Sutter Health

Northern California's largest non-profit health system with acute care hospitals across the region.

Central Contact:

Website: Sutter Health Records
Request Options: MyHealth Online patient portal, mail to specific facility, fax to facility
Processing Time: 15 days standard
Coverage Area: Northern California primarily (Sacramento, Bay Area, Central Valley)

Special notes: Sutter accepts requests through MyChart for established patients; attorneys need separate authorization submitted directly to facility medical records department.

Cedars-Sinai Medical Center (Los Angeles)

Major academic medical center serving Southern California. For current contact information, visit the Cedars-Sinai medical records page.

Processing commitment: Responds within California's 15-day requirement.

UCLA Medical Center

Major academic medical center with multiple locations. For current contact information, visit the UCLA Health records page.

Processing: 15 days standard

Stanford Health Care

Bay Area academic medical center. For current contact information, visit the Stanford Health records page.

Special Requirements: Written authorization required for attorney requests

UCSF Medical Center

Northern California academic medical center. For current contact information, visit the UCSF Health records page.

Fees: California standard rates

Managing multiple providers becomes exponentially complex as case complexity increases. A typical car accident case might involve 5-10 providers; a catastrophic injury could require records from 30+ sources. This is where Codes Health delivers maximum value—submit all requests through one interface, track all statuses in real-time, and receive organized chronological records without manually managing dozens of provider relationships.

4. California Fee Schedules: What Providers Can Legally Charge

California law establishes specific maximum fees that are significantly more consumer-friendly than many states, but costs can still accumulate quickly across multiple providers.

Standard Fee Schedule for Paper Copies

Paper copy charges: California law caps paper copies at $0.25 per page and allows reasonable clerical costs.

Electronic Format Fee Structure

Electronic records: Actual cost of duplication for electronic transmission, generally lower than paper copies.

Best practice: Always request electronic format (PDF via secure email or patient portal) when available—saves significantly on multi-hundred-page records and reduces processing time.

Imaging Studies and Special Records

Imaging studies: Providers may charge reasonable cost, not to exceed actual cost, for imaging copies.

Additional allowable charges:

Actual mailing/shipping costs
Actual cost of postage and supplies
Reasonable costs for unusual or voluminous records (with written explanation)

No-Fee Exceptions

No-fee exception: One free copy when needed to support certain public benefit claims (HSC § 123110(d)(1)).

Cost management strategy: Request electronic format whenever available, include prepayment check with requests to avoid processing delays, and budget $30-75 per typical provider. For high-volume practices, Codes Health's flat-rate structure provides cost predictability and eliminates surprise provider fees.

5. Electronic vs. Paper Submission: Modern Methods That Accelerate Retrieval

The submission method you choose directly impacts your retrieval timeline, with electronic options consistently outperforming traditional mail.

Patient portal systems represent the fastest option. Major portals used by California providers include MyChart (Stanford, UCSF, Sutter Health), Kaiser Permanente's patient portal, and facility-specific systems. According to health information management professionals, electronic requests are often processed faster than paper requests at many facilities.

Secure email submission of PDF authorization forms with photo ID works for many providers and offers proof of delivery with read receipts. Always confirm the provider accepts email requests and use subject lines like "Medical Records Request - [Patient Name] - [Date of Service]" to ensure proper routing.

Fax submission remains widely accepted despite being dated technology. Benefits include instant confirmation pages and definitive timestamps. Always follow up faxes with a phone call within 2-3 business days to confirm receipt by the medical records department.

Mail submission (certified with return receipt) provides legal proof of delivery but adds days for postal delivery, internal routing, and return mailing. Use mail when you need certified proof of delivery date or for providers who don't accept electronic submissions.

Best practice submission hierarchy: (1) Provider's secure online portal, (2) Secure encrypted email, (3) Fax with phone confirmation, (4) Certified mail with return receipt.

The electronic advantage multiplies across large caseloads. Codes Health's platform automates this entire workflow: submit all requests electronically through one interface, AI reviews each request for errors before transmission, the system maintains daily provider follow-ups automatically, and you receive real-time status updates.

6. Special Protections for Sensitive Medical Records

California provides additional privacy layers for certain record types, requiring specialized authorization language and handling procedures.

Mental Health Records

Legal standard: California provides additional protections under Civil Code § 56.10 and Welfare & Institutions § 5328.

Authorization requirements: May require specific authorization language addressing mental health records separately. Mental health providers may have additional concerns about disclosure and may request more detailed authorization.

HIV/AIDS Related Information

Legal standard: HSC § 120975 provides special confidentiality protections.

Authorization requirements: Specific written authorization required that clearly indicates HIV/AIDS information is being requested. Authorization must specifically mention HIV/AIDS testing or status—general medical authorization is insufficient.

Substance Abuse Treatment Records

Legal standard: 42 CFR Part 2 provides strict protections for substance abuse treatment records, superseding both HIPAA and state law.

Authorization requirements: Must meet stringent federal requirements including specific language about re-disclosure. Requires separate, specific consent that meets 42 CFR Part 2 requirements.

Genetic Testing Information

Legal standard: California Genetic Information Privacy Act (Civil Code § 56.17) provides additional protections.

Authorization requirements: Specific authorization required for genetic testing information with additional use restrictions under California law.

Minor Patient Records

Legal standard: Family Code § 6925 grants minors control over certain records.

Key rules: Minors age 12+ control records related to mental health treatment, substance abuse treatment, reproductive health services, and sexual assault treatment. For PI cases involving minors, determine who has legal authority to authorize release based on type of treatment.

7. Common Rejection Reasons and Solutions to Avoid Restarting Your 15-Day Clock

Provider rejections don't just delay your timeline—they restart the entire 15-day clock, potentially adding weeks to your retrieval process and jeopardizing settlement deadlines.

8. Step-by-Step California PI Lawyer Records Request Checklist

A systematic approach separates efficient firms from those perpetually chasing missing documentation weeks before settlement negotiations or trial.

Week 1: Case Intake and Initial Authorization

Day 1-2: Client meeting actions

Execute HIPAA and CMIA-compliant authorization immediately using comprehensive California form
Have client create provider list including: primary care physicians, specialists, emergency rooms/urgent care, physical therapy/chiropractors, imaging centers, pharmacies, mental health providers
Obtain client signature on multiple authorizations (prepare 10+ copies)
Collect copies of any records, billing statements, or insurance EOBs client possesses
Verify demographics: full legal name (including maiden names), exact date of birth, current address, Social Security number
Document all known treatment dates and facility names

Day 3-5: Request preparation and submission

Create provider tracking spreadsheet with columns: Provider Name, Contact Info, Submission Date, Method, 15-Day Deadline, Status, Received Date, Issues
Draft individualized requests specifying exact records needed with date ranges
Verify current contact information for each provider (call to confirm fax numbers, email addresses, portal availability)
Calculate estimated fees using California fee schedule and prepare checks
Submit all requests using highest-efficiency method for each provider
Document submission date, time, and method in tracking spreadsheet
Set calendar reminders for 7-day follow-up, 12-day follow-up, and 15-day deadline

Week 2-3: Active Retrieval and Follow-Up

Day 7: First follow-up wave

Call each provider without response to confirm receipt
Ask for status update and estimated completion date
Document contact person name, conversation notes, and issues identified
Submit corrected requests immediately if problems identified

Day 12: Second follow-up wave

Formal written follow-up for providers approaching 15-day deadline
Reference California Health & Safety Code § 123110 requiring response within 15 days
Request immediate status update and completion commitment

Day 15: Deadline accountability

For providers past deadline, send formal demand letter via certified mail
Reference California statutory penalties for non-compliance
Escalate to facility compliance officer or patient advocate
Consider subpoena under CCP § 1985.3 if critical records needed for imminent deadline

Day 16-21: Records receipt and quality control

Open and review each set of records immediately upon receipt
Verify records match date range and include all record types
Check for gaps in dates, missing billing records, missing imaging CDs
Submit supplemental requests immediately for incomplete records

Week 4: Organization and Expert Preparation

Day 22-28: Final organization

Scan all records if received in paper format; use OCR for searchability
Apply Bates stamping numbering consecutively
Create chronological master index across all providers
Generate treatment type index (imaging, labs, PT, specialists, etc.)
Package records for expert review in preferred format

This 28-day process through traditional methods represents best-case scenario—assuming no rejections, minimal delays, and adequate staff resources. Codes Health's streamlined workflow compresses this timeline: submit all requests through one platform interface, AI reviews and submits to providers automatically, maintains daily follow-ups without staff intervention, and delivers organized chronological records ready for expert review in 10-12 days.

Some providers may offer same-day services, but they usually return partial, portal-only documents and rely on client involvement which causes churn. Codes Health retrieves complete records in 10–12 days with a flat fee.

9. Handling Denials, Delays, and Difficult Providers

Even perfect requests encounter provider resistance, requiring strategic escalation.

Strategic Escalation Ladder

Days 1-3 (Gentle Inquiry):

Polite phone call: "I'm following up on a request submitted [date] for [patient name]. Can you confirm receipt and estimated completion?"
Document contact person name and direct line

Days 4-7 (Professional Pressure):

Email to records supervisor citing California's 15-day requirement
Offer to help resolve any issues
Request written response with status update

Days 8-12 (Formal Escalation):

Email to compliance officer or patient advocate
Reference specific California statutes: Health & Safety Code § 123110, Civil Code § 56.11
Attach copies of original request and all correspondence

Days 13-15 (Demand Letter):

Formal demand letter via certified mail on firm letterhead
State original request date, California 15-day legal requirement, current day count
Provide final 48-hour deadline for compliance
Note intention to pursue legal remedies

Days 16-20 (Legal Action):

Prepare subpoena duces tecum if critical records needed
Ensure compliance with CCP § 1985.3 notice requirements
Include records custodian certification questions

Days 21+ (Regulatory Complaint):

File complaint with California CDPH
Document entire timeline for potential bad faith claim

The exhaustion factor: Maintaining dozens of simultaneous provider follow-ups leads to dropped balls and missed deadlines. Codes Health's automation maintains daily provider follow-ups automatically, escalates strategically based on response patterns, and alerts you only when intervention is needed.

10. Medi-Cal Records Request Process for California PI Attorneys

Medi-Cal cases require understanding California's public insurance system structure.

Medi-Cal Managed Care vs. Fee-for-Service

Managed care plan authorization: Most Medi-Cal beneficiaries receive care through managed care plans. Records requests go to the specific health plan (e.g., Health Net, Blue Shield, Kaiser) rather than directly to DHCS.

Fee-for-service Medi-Cal: For beneficiaries in traditional fee-for-service Medi-Cal, contact the California Department of Health Care Services (DHCS) for claims history and participating provider information.

Special Forms and Procedures

Medi-Cal Authorization: Some providers require specific Medi-Cal authorization forms beyond standard HIPAA/CMIA releases.

Billing documentation: Medi-Cal billing records establish treatment history and can identify providers client doesn't remember visiting.

Provider networks: Identify whether client's providers were in-network Medi-Cal participants to locate records efficiently.

Ready to Transform Your Medical Records Process?

The weeks-to-months medical records bottleneck doesn't have to stall your settlements or consume your staff's time. Codes Health delivers the fastest, most comprehensive medical records retrieval and AI-powered review platform available for California personal injury lawyers—combining 10-12 day turnaround with automated organization, missing records identification, and case-critical insights extraction.

For high-volume firms, Codes Health provides custom CRM and medical-software integrations to automate intake, sync status, and route documents. An MIT-educated engineering team also continually expands workflows and products so the platform keeps pace with legal and healthcare demands.

Schedule a demonstration to see how legal-grade AI can handle your entire pre-litigation medical records workflow, or start with your next cases to experience the efficiency gains firsthand.

Frequently Asked Questions

How long do California providers legally have to release medical records?

California law requires providers to deliver medical records within 15 days of receiving a proper authorization (prepayment may be required by the provider’s policy) under Health and Safety Code Section 123110. This is half the federal HIPAA timeline, making California one of the fastest statutory requirements in the country.

What is the difference between a HIPAA authorization and a California CMIA release form?

HIPAA provides federal baseline requirements, while California's CMIA adds state-specific requirements including more detailed purpose descriptions, explicit patient rights notices, and separate authorizations for sensitive records. When federal and state law conflict, the more restrictive California law applies. Use forms that explicitly satisfy both standards.

Can I request medical records on behalf of my client without a signed authorization?

No. Both HIPAA and California CMIA require valid written patient authorization for attorneys to obtain medical records. The only exception is through properly served subpoena duces tecum under CCP § 1985.3, which requires additional notice to the patient and allows objection.

What fees can California providers legally charge for medical record copies?

California law caps paper copies at $0.25 per page and allows reasonable clerical costs. Electronic records are charged at actual reasonable cost. Imaging copies may be charged at reasonable cost, not to exceed actual cost.

How do I find medical records from a doctor or hospital that closed years ago?

California retention requirements (hospitals must retain adult records at least 7 years under Title 22 CCR § 70751; minors' records at least 1 year after reaching 18, but not less than 7 years) mean older records may have been destroyed if retention period expired. Check the CDPH facility database, contact county medical societies, search business records for successor entities, or check with the California Medical Board for physicians' current practice locations.

What should I do when a provider rejects my medical records request?

Immediately review the denial letter for the specific reason cited. Common fixes include: obtaining fresh signatures for expired authorizations, providing clearer patient identifiers for insufficient information, submitting provider-specific forms for format issues, and including prepayment for missing fees. Codes Health's AI review system catches these errors before submission, preventing rejections that restart your 15-day clock and add weeks to your retrieval timeline.