Contrary to popular belief, it is not always necessary to obtain written authorization from a patient to share their PHI. HIPAA regulations allow for the disclosure of PHI to appropriate individuals in the course of patient treatment, payment, and health care operations. For example, you do not need patient permission to send a consultation letter or to fax records to another provider that is treating a mutual patient. Likewise, you may transmit patient information to third party payers in the process of filing claims for payment. Similarly, it is allowable for faculty not directly involved with the care of a given patient to have access to that chart in the EHR for peer review since that is a commonly accepted health care operation.