Practice of Medicine


Recommended Actions for Unsolicited Diagnostic Tests

What should you do when you receive a test result that you did not order? This situation is becoming more common as patients now have additional options to self-refer for such tests, often without your knowledge. Examples include health fair results, coronary screening tests or hospitalizations without your involvement. The following are guidelines for dealing with unsolicited diagnostic tests and help to mitigate your liability risk.

Is There a Pre-existing Physician-Patient Relationship?

When you receive an unsolicited diagnostic test result, you must first determine if there is a pre-existing physician-patient relationship. Remember that accepting a capitated payment from a health plan on behalf of a patient may establish a physician-patient relationship regardless of whether you’ve actually seen that patient. If it is clear that you and the patient have a physician-patient relationship, then you should assume responsibility or refer the patient for interpretation of the test result and recommended course of action, regardless of whether the patient self-referred for the test.

What If There Is No Established Physician-Patient Relationship?

If no relationship exists, you may choose whether or not to accept the patient into your practice:

  • If you accept the patient, first contact the patient and assume all the obligations of
  • the interpretation, monitoring, and follow-up of the diagnostic test.
  • If you choose not to enter into a physician-patient relationship, return the original test to its

Recommended Actions for Unsolicited Diagnostic Tests 

source or the diagnostic center responsible for it. If you do this, use a statement such as “This is not a patient in our practice. Please use your data to inform the patient for appropriate physician referral or follow-up.” This action would also be appropriate if you receive tests results in error (i.e. by fax or mail). Calling the sender directly to notify them of the misdirected result has the best chance of getting the information to the patient and the proper provider for appropriate treatment and follow-up. Critical test results may require more diligence to ensure the information gets to the appropriate provider in a timely manner.


Although there is no legal duty, in the interest of patient safety there are some suggested steps you should take in returning an unsolicited diagnostic test. You should keep a log that documents the date the test was received, the patient’s name, the action taken in returning the test to the sender, and who the sender is. It is recommended that you fax the test information back so you will have documentation that the information was faxed to the appropriate test source and received.

Receiving protected health information for a non-patient inadvertently is considered a HIPAA breach on the part of the sender. It would be appropriate for the sender to request that you destroy the information as part of their HIPAA breach mitigation.

Created by MagMutual from materials provided by COPIC as part of MagMutual and COPIC’s alliance to improve patient safety and quality of care for all of our PolicyOwners.



Want to learn more?

Interested in how MagMutual can help?

View our products


The information provided in this resource does not constitute legal, medical or any other professional advice, nor does it establish a standard of care. This resource has been created as an aid to you in your practice. The ultimate decision on how to use the information provided rests solely with you, the PolicyOwner.