For HIPAA, you can do anything which the patient authorizes, with a few exceptions and after getting reasonable assurances that you are dealing with the patient. Now the practice may have specific policies in place like requiring a written authoriza...