- May a covered entity reuse or dispose of computers or other electronic media that store electronic protected health information?
- May a covered entity dispose of protected health information in dumpsters accessible by the public?
- What do the HIPAA Privacy and Security Rules require of covered entities when they dispose of protected health information?
- Does the HIPAA Privacy Rule require covered entities to keep patients’ medical records for any period of time?
- Does the HIPAA Privacy Rule require hospitals and doctors' offices to be retrofitted, to provide private rooms, and soundproof walls to avoid any possibility that a conversation is overheard?
- In limiting access, are covered entities required to completely restructure existing workflow systems, including redesigning office space and upgrading computer systems, in order to comply with the HIPAA Privacy Rule's minimum necessary requirements?
- May a covered entity hire a business associate to dispose of protected health information?
- How should home health workers or other workforce members of a covered entity dispose of protected health information that they use off of the covered entity’s premises?