Safe destruction of protected health information

What is degaussing, and why do you need to know?

HIPAA regulation requires compliance professionals to implement administrative, technical, and physical safeguards to protect all protected health information (PHI) from any intentional or unintentional use or disclosure.[1] Eventual disposal or destruction of PHI, whether paper or digital records, must be accomplished in a way that leaves no possibility for information reconstruction. Degaussing describes a method of erasing information from a magnetic disk, tape, or other magnetic storage devices, such as a computer monitor or the read/write head of a disk drive.

Only authorized IT personnel or vendors with a business associate agreement in place should handle disposal of electronic PHI (ePHI) and/or the hardware or electronic media on which it is stored. A log of all destruction or disposal must be recorded and maintained permanently, including when a media device containing ePHI was completely erased, properly encrypted, or destroyed in its final disposition. Other methods of destroying ePHI include using software or hardware products to overwrite media, purging, or destroying media using methods such as disintegration, pulverization, melting, incinerating, or shredding.[2]
