This commentary discusses federal health privacy regulations, commonly known as the Health Insurance Portability and Accountability Act (HIPAA), and the misconceptions many providers share about its impact on incidental disclosures. The authors outline the current regulatory requirements and offer strategies for interpretation, particularly in areas where gaps exist and professional judgment is needed. The discussion covers the ethical aspect of interpreting the regulations, along with criteria that should be met for an incidental disclosure to be permissible. Numerous examples are provided throughout the article. The authors conclude with recommendations to both comply with regulatory policy and ensure the best clinical care and professional ethics. They point out that giving absolute priority to maintaining a patient’s confidentiality should never compromise care.