A patient calls asking for their spouse's test results
You generally cannot release this without written authorization from the patient — even to a spouse.
Plain English explanations — no legal jargon, no overwhelm. Pick your role below and we'll show you exactly what you need to know.
Start here
We'll show you exactly what HIPAA means for you and what you actually need to do.
Front desk staff
Receptionists, schedulers, billing staff, and anyone who handles patient information at the front
Practice managers
Office managers, practice administrators, and those responsible for running the practice
Healthcare providers
Doctors, nurses, therapists, pharmacists, and all clinical staff who treat patients
Software and IT vendors
SaaS companies, IT providers, billing services, and anyone whose software touches patient data
What is HIPAA → What to protect → Your daily rules → If something goes wrong → Your checklist
Select your role above for a personalized path.
Plain English explainers
Common misconceptions
Myth
"We're too small to be fined for HIPAA violations"
Reality
OCR has fined solo practices and offices with fewer than 10 staff.
Myth
"Our software is HIPAA compliant so we're covered"
Reality
Your vendor's compliance does not cover your practice. You are still fully responsible.
Myth
"HIPAA means we can never talk about patients"
Reality
You can discuss treatment with other providers involved in a patient's care.
Real situations, clear answers
You generally cannot release this without written authorization from the patient — even to a spouse.
This may be a reportable breach. Take these steps in the next 24 hours.
This is an internal HIPAA violation. You have an obligation to report it.
Patients have a legal right to their records. You have 30 days to provide them.
Compliance checklist
Check off basics as you go — we save progress in your browser on this device.
HIPAA glossary
Start with our free risk assessment — about 10 minutes — or ask a question in plain English.
Not legal advice. medcomply.ai provides educational compliance basics; consult qualified counsel for legal decisions.