Healthcare provider staff providers routinely communicate with other staff members and with patients, to facilitate patient treatment. Since such communication is so frequent and commonplace, the potential exists for incidental disclosure of protected information (PHI). Under the HIPAA Privacy Rule, covered entities must have in place appropriate administrative, technical, and physical safeguards that limit incidental disclosure.