> If I "consent" to a boilerplate agreement handed me moments before an action is taken, have I really?

A not uncommon practice with HIPAA “disclosures” is to sign an electronic device that records the signature (and provides no evidence that the document your signature is associated with is anything like the one you were given) prior to being provided with documents. So, yeah, the practices around consent with PHI suck pretty hard.