The HIPAA Privacy Rule restricts the ability of covered entities and business associates to use and disclose individuals’ protected health information. For example, employees of covered entities are not at liberty to disclose individual protected health information (PHI) to whomever they please. What if, however, disclosure of PHI is necessary to demonstrate that a covered entity has, say, engaged in criminal conduct, violated professional or clinical standards, or [...]