DISPOSAL (R) - § 164.310(d)(2)(i)

The Disposal implementation specification states that covered entities must: “Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored.” When covered entities dispose of any electronic media that contains EPHI they should make sure it is unusable and/or inaccessible. One way to dispose of electronic media is by degaussing. Degaussing is a method whereby a strong magnetic field is applied to magnetic media to fully erase the data. If a covered entity does not have access to degaussing equipment, another way to dispose of the electronic media is to physically damage it beyond repair, making the data inaccessible.

 

ACCOUNTABILITY (A) - § 164.310(d)(2)(iii)

Where this implementation specification is a reasonable and appropriate safeguard for a covered entity, the covered entity must: “maintain a record of the movements of hardware and electronic media and any person responsible therefore”

 

What is ePHI?

Electronic protected health information (ePHI) refers to any protected health information (PHI) that is covered under Health Insurance Portability and Accountability Act of 1996 (HIPAA) security regulations and is produced, saved, transferred or received in an electronic form.

 

ePHI items to consider:

Computers

Laptops

Printers / Copiers / MFDs

Smart phones

Diagnostic Ultrasound

Machines

EEG machines

CT scanners

Hard Drives

Backup Tapes

Thumb Drives

Optical Media

Copyright © 2017 by E-Waste Experts, Inc.  ·  All Rights reserved  ·  E-Mail: info@ewasteexperts.com

416 Green Lane Bristol, PA 19007 877-DATA-ZAP

E-Waste Experts, Inc. Services