[row ]
[col span=”1/1″ ]
[accordion title=”Excerpted from FAQ’s From the Department of Health & Human Services:”]
[accordion-item title=”1. What do the HIPAA Privacy and Security Rules require of covered entities when they dispose of protected health information?”]
The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form. See 45 CFR 164.530(c). This means that covered entities must implement reasonable safeguards to limit incidental, and avoid prohibited, uses and disclosures of PHI, including in connection with the disposal of such information. More…
[/accordion-item]
[accordion-item title=”2. May a covered entity dispose of protected health information in dumpsters accessible by the public?”]
No, unless the protected health information (PHI) has been rendered essentially unreadable, indecipherable, and otherwise cannot be reconstructed prior to it being placed in a dumpster. In general, a covered entity may not dispose of PHI in paper records, labeled prescription bottles, hospital identification bracelets, PHI on electronic media, or other forms of PHI in dumpsters, recycling bins, garbage cans, or other trash receptacles generally accessible by the public or other unauthorized persons. More…
[/accordion-item]
[accordion-item title=”3. May a covered entity hire a business associate to dispose of protected health information?”]
Yes, a covered entity may, but is not required to, hire a business associate to appropriately dispose of protected health information (PHI) on its behalf. More…
[/accordion-item]
[accordion-item title=”4. May a covered entity reuse or dispose of computers or other electronic media that store electronic protected health information?”]
Yes, but only if certain steps have been taken to remove the electronic protected health information (ePHI) stored on the computers or other media before its disposal or reuse, or if the media itself is destroyed before its disposal. More…
[/accordion-item]
[accordion-item title=”5. How should home health workers or other workforce members of a covered entity dispose of protected health information that they use off of the covered entity’s premises?”]
The HIPAA Privacy Rule requires that covered entities develop and apply policies and procedures for appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), including through final disposition. More…
[/accordion-item]
[accordion-item title=”6. Does the HIPAA Privacy Rule require covered entities to keep patients’ medical records for any period of time?”]
No, the HIPAA Privacy Rule does not include medical record retention requirements. More…
[/accordion-item]
[/accordion]
[/col]
[/row]