Under the HIPAA Privacy and Security Rules, covered entities are obliged to observe proper methods of disposing protected health information (PHI), of any form.

The Interim Final Rule for Breach Notification for unsecured Protected Health Information was published on August 24, 2009 in the Federal Register and it was effective from on September 23, 2009.

Interpretation of 'Business Associates'

PHI or Protected Health Information is called Individually Identifiable Health Information under HIPAA Privacy Rule.

HIPAA Covered Entity & HIPAA Business Associate