Safeguards

Does the HIPAA Privacy Rule require hospitals and doctors' offices to be retrofitted, to provide private rooms, and soundproof walls to avoid any possibility that a conversation is overheard?

May physicians' offices or pharmacists leave messages for patients at their homes, either on an answering machine or with a family member, to remind them of appointments or to inform them that a prescription is ready? May providers continue to mail appointment or prescription refill reminders to patients' homes?

May physicians' offices use patient sign-in sheets or call out the names of their patients in their waiting rooms?

Are physicians and doctors' offices prohibited from maintaining patient medical charts at bedside or outside of exam rooms, or from engaging in other customary practices where the potential exists for patient information to be incidentally disclosed to others?

A clinic customarily places patient charts in the plastic box outside an exam room. It does not want the record left unattended with the patient, and physicians want the record close by for fast review right before they walk into the exam room. Will the HIPAA Privacy Rule allow the clinic to continue this practice?

A hospital customarily displays patients' names next to the door of the hospital rooms that they occupy. Will the HIPAA Privacy Rule allow the hospital to continue this practice?

In limiting access, are covered entities required to completely restructure existing workflow systems, including redesigning office space and upgrading computer systems, in order to comply with the HIPAA Privacy Rule's minimum necessary requirements?

What do the HIPAA Privacy and Security Rules require of covered entities when they dispose of protected health information?

May a covered entity dispose of protected health information in dumpsters accessible by the public?

May a covered entity hire a business associate to dispose of protected health information?

May a covered entity reuse or dispose of computers or other electronic media that store electronic protected health information?

How should home health workers or other workforce members of a covered entity dispose of protected health information that they use off of the covered entity’s premises?

Does the HIPAA Privacy Rule require covered entities to keep patients’ medical records for any period of time?
