Test Results Sent to Wrong Doctor

We have received some recent inquiries from offices regarding the following question:

Is it a HIPAA violation that needs to be reported when the wrong doctor receives a patient's test results? (For example, patient X goes to a specialist and the results are sent to the specialist and the patient's family doctor instead of just the specialist.)

If a patient's results go to a physician who is not providing direct or indirect treatment to the patient, this would be considered an incident involving an unauthorized disclosure, and as many of you know, would be considered a HIPAA violation. The good news is that (in the example above) since both physicians would also be considered covered entities, they too are bound to comply with the HIPAA regulations, so the risk of harm to the patient would be in the low to extremely low range.

Thus, you would need to record this in the accounting of disclosures database or tracking mechanism (Disclosure Log) for this patient. Other than that, you are good to go, and hopefully whatever caused the mix-up can be chalked up to a good lesson learned without too much pain.