As a health care provider subject to the privacy and security requirements under the Health Insurance Portability and Accountability Act of 996 (HIPAA) and/or under State law, you must safeguard patients’ personally identifiable health information. If you receive a remittance advice on a Medicare beneficiary who’s not your patient, you should 1) destroy it and 2) report it to your fiscal intermediary, carrier, or Medicare Administrative Contractor, as appropriate.