Page 4 - HIPAA Guard Herald - July 2018 e-Newsletter

HIPAA Guard HERALD

YOUR MONTHLY NEWSLETTER ON SURVIVING HIPAA




#4 "Be Cautious" with paper files you are given: secure or shred them after viewing

For printed protected health information, make use of a shredder. NEVER dispose of your printed documents containing sensitive patient data in a dumpster that is publicly accessible unless your facility or practice has

Your paper or digital trash may be violating HIPAA!!!


One of the implementation specifications of HIPAA Standard {§ 164.310(d)(1)} Device & Media Controls pertains to the required proper disposal of ePHI {§ 164.310(d)(2)(i)}. Your practice or facility must ensure that electronic media which contains ePHI is made unusable and/or inaccessible.


Though there are no explicit recommendations on how to dispose of your facility's or practice's printed and digitized PHI, you are required to take reasonable steps to protect PHI and ePHI during disposal. Do a risk assessment and create appropriate and adequate policies and procedures for HIPAA-compliant disposal of these sensitive documents or data. Train your employees to strictly adhere to the policies and procedures relating to ePHI and PHI disposal.
Protected health information stored on electronic media that is no longer in use must be properly 'sanitized' and disposed of. Electronic media includes all computers and digital storage devices, such as desktop workstation, laptop, server, notebook, tablet, and handheld computer hard drives; external hard drives; and all external data storage devices such as disks, flash drives, DVDs, and CDs. NIST's Guidelines for Media Sanitization details a process for removing data from electronic storage media so that ePHI is no longer retrievable or recoverable.

Other ways that your PHI or ePHI can be properly disposed of, according to OCR, are burning, pulping, or pulverizing the records.

For labeled prescription bottles and other PHI, maintain them in opaque bags in a secure area and use a disposal vendor as a business associate to pick up and shred or otherwise destroy the PHI. Do not forget your Business Associate Agreement with this third-party disposal service.

ISSUE 08
July 2018