FAQs Categories

Disposal of Protected Health Information

What do the HIPAA Privacy and Security Rules require of covered entities when they dispose of protected health information?

May a covered entity dispose of protected health information in dumpsters accessible by the public?

May a covered entity hire a business associate to dispose of protected health information?

May a covered entity reuse or dispose of computers or other electronic media that store electronic protected health information?

How should home health workers or other workforce members of a covered entity dispose of protected health information that they use off of the covered entity’s premises?

Does the HIPAA Privacy Rule require covered entities to keep patients’ medical records for any period of time?