Printer Friendly, PDF & Email

How to properly sanitize electronic media containing PHI

Michael Harstrick ( is the Chief Global Development Officer at Garner Products Inc., Roseville, CA.

If you look into the IT closets of many healthcare organizations, you will find stockpiles of old hard drives, thumb drives, cell phones, tablets, and laptops waiting. Waiting for what? Many organizations do not know what to do with decommissioned electronic media. This inaction creates a potentially costly risk of protected health information (PHI) data breaches from media loss, theft, and unauthorized resale of media on secondary markets.

Also, think about the fact that all medical monitoring devices store data. Each one puts you at risk of a potential Health Insurance Portability and Accountability Act (HIPAA) violation. Even your leased technology, such as fax machines, copiers, and printers, collect and store PHI that you are responsible for protecting. While organizations are often aware of front-end security threats such as hacking and ransomware, end-of-life media disposal often goes overlooked. Securely and properly disposing of decommissioned hard drives and other electronic media protects your patients’ PHI and can keep your organization off the HIPAA Wall of Shame.[1]

This document is only available to members. Please log in or become a member.

This document is only available to subscribers. Please log in or register for complimentary access.

* required field