If I am a Health information professional in this situation, I wouldn’t tell my friend about her husband’s health status from EMR. I would consider details about his health and treatment as confidential information which should be protected.
With autonomy in health care patients should be able to self-determine, meaning he is capable to decide on holding his own health data, and others should respect the decision. However, his decision causes others danger because his wife would be able to come infected. I am not sure if there are limits on autonomy that causes harm to the public, but this consideration might come under his physician more than an informatician.
With the health informatician position possibly under the third-party company, I wouldn’t reveal his data. I would decide to respect his determination after he consulted with his physician, protect confidential data and protect the rights of the patient.