A patient calls asking for their spouse's test results
You generally cannot release this without written authorization from the patient — even to a spouse.
Get the answer →Real situations healthcare teams face — with clear steps. Not legal advice; use this to know what to escalate and when to call your privacy officer.
Role
You generally cannot release this without written authorization from the patient — even to a spouse.
Get the answer →This may be a reportable breach. Take these steps in the next 24 hours.
Get the answer →This is an internal HIPAA violation. You have an obligation to report it.
Get the answer →Patients have a legal right to their records. You have 30 days to provide them.
Get the answer →This depends on what the patient has authorized. When in doubt, say nothing.
Get the answer →Investigate promptly. Document everything. Determine if it is a reportable breach.
Get the answer →Treat it as a breach until proven otherwise. The 60-day clock is running.
Get the answer →If you handle their patient data, you need one. Review it carefully before signing.
Get the answer →Only share what they need, with a BAA in place, and through a secure method.
Get the answer →Stay calm, document everything, and notify your privacy officer immediately.
Get the answer →If it's for coordinated care and you're both involved in treatment, limited sharing is usually OK — stay professional and minimal.
Get the answer →Treat it seriously. Report it and work on preventing a repeat — volume and location matter.
Get the answer →Investigate, document, revoke access, and determine if this is a reportable breach.
Get the answer →Activate your incident plan, preserve evidence, and involve legal counsel early.
Get the answer →Be honest: explain your controls and BAAs — never promise a checkbox no one can guarantee.
Get the answer →