WASHINGTON – The U.S. Department of Health and Human Services Office for Civil Rights has released guidance for health providers, payers and others when disposing of technology that contains electronic protected health information (ePHI). “Improper disposal of electronic devices and media puts the information stored on such devices and media at risk for a potential breach,” the guidance states. “Data breaches can be very costly to organizations.” Examples of digital equipment include desktop computers, laptops, tablets, smart phones, hard drives and USB drives. The guidance suggests that when disposing of technology that contains ePHI, providers and others should: determine and document the appropriate methods to dispose of the hardware, software and the data itself; ensure that ePHI is properly destroyed and cannot be recreated; ensure that ePHI previously stored on hardware or electronic media is securely removed so that it cannot be accessed and reused; identify removable media like CDs/DVDs or thumbdrives and their use; and ensure that ePHI is removed from reusable media before they are used to record new information.
You are here: / / HHS offers guidance on disposing of technology containing PHI