However, with trustworthy authorization from a patient, and sufficient governance, a custodian is absolved of that risk and they must share data in a timely manner.  In other words, it should not be a question of whether or not a custodian trusts the recipient of data, but if a trusted governing entity does instead.