What should facilities do if they receive a request for patient records without proper authorization?

When a facility receives a request for patient records without proper authorization, the appropriate action is to deny the request and inform the requester. This is important because patient records are protected under HIPAA and other privacy laws, which require explicit consent from the patient before any information can be disclosed. By denying the request, the facility ensures that it is compliant with legal regulations and safeguards the patient's privacy.

Informing the requester about the denial is also crucial as it provides clarity on why the records cannot be released, and it may prompt them to provide the necessary authorization if they still wish to access the information. This step is not only about compliance but also serves to maintain transparency and good relations between the healthcare provider and the requester.

In this context, simply ignoring the request could lead to potential legal issues, while releasing records with limitations could compromise patient confidentiality. Consulting legal counsel could be an appropriate step in complex cases, but it is not the initial response to a request made without proper authorization. Hence, denying the request aligns best with legal requirements and ethical standards in healthcare.