How should an MRT respond to a request for patient records or radiographs by another healthcare provider?

Disclosing patient records should happen only under the protections of privacy laws when there is a valid need and proper authorization. The MRT must provide access in line with legal requirements and privacy regulations, confirming the requester’s identity and that the disclosure is for a legitimate health care purpose. Authorization should be documented, and the amount of information shared should be the minimum necessary to accomplish the purpose. Transfer should be secure, using encrypted electronic methods or a secure portal, or other approved, safeguarded channels; do not send PHI via unencrypted email or other insecure means. Verbal consent alone is not sufficient in most cases, and refusing all requests would ignore patients’ rights and applicable law.