Covered entities (providers) are not permitted to simply abandon PHI or dispose of it in dumpsters or other containers that are accessible by the public or other unauthorized persons. The HIPAA Privacy and Security Rules do not require a particular disposal method. You must review your own circumstances to determine what steps are reasonable to safeguard Protected Health Information (PHI) through disposal, and develop and implement policies and procedures. This includes PHI in all forms including electronic and paper. How do you wipe your computers, phone, fax, and copy machines of PHI data? How are your paper records disposed of? Is your staff aware of proper disposal methods? Click here for more information.