Depends on how you mean this. I'm going to answer for America. If anyone wants to add other countries, great!
First, a doctor is a Covered Entity (CE) under HIPAA, the main US medical privacy law. He is allowed to transfer Protected Health Information (PHI) without the patient's approval under the following circumstances:
- He can send PHI to another CE in order to facilitate the patient's care. In this case, he's allowed to send everything.
- He can send out limited information about the patient for billing purposes -- the Minimum Necessary.
- He is required to send out PHI in response to a court order, subpoena, a request from the Secretary of Dept. of Health and Human Services (DHHS).
- He may release PHI in a VERY controlled way for purposes of operations -- for example, if he has a company handling offsite medical records backup, he can use them to back up your records. If this happens, the outside firm must sign an agreement binding them to pretty much the same stuff HIPAA requires from the doctor.
- He may release the medical record to the patient, the patient's Personal Representative, and the patient's legal custodian.
All this does not require any authorization from the patient, so there's nothing to sign.
So there's really no need for the doctor to sign on the patient's behalf, nor is there any legal grounds that would allow such.
