Did you know that a significant number of hard drives bought on the second hand market still contain personal information? Even despite obvious indications that someone had attempted to overwrite the information. The HIPAA Privacy Rule requires that, “covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI).” This means that your practice must have safeguards in place that limit any disclosure of PHI.