Computers Break or Die
Disposing of them Properly is Important
When replacing any computer OR any device that has (or may have) PHI stored on it, you must dispose of it according to HIPAA requirements.
Additionally, you must have a policy in place that details this exact process.
We have done all of the hard work for you in our HIPAA compliant Computer Disposal Policy.
So…before you dispose of a computer from your office whether you plan to:
throw away the computer
give the computer to charity
give the computer to an employee
give the computer to anyone
You must ensure all PHI is removed from the computer…and DELETING does not do it!
What You Get
Even if you have an IT company who says they’ll take care of it, you need to have a policy and procedure in place…and you need to make sure they are doing it correctly. Give them this policy to follow.
Like everything else we do, we’ve made this as easy as possible.
Simple checklists to follow.
Clear and concise policies and procedures to follow.
What The Reg Says
CFR 164.310 (d)(2) Implementation specifications:
(i) Disposal (Required). Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored.
(ii) Media re-use (Required). Implement procedures for removal of electronic protected health information from electronic media before the media are made available for re-use.
(iii) Accountability (Addressable). Maintain a record of the movements of hardware and electronic media and any person responsible therefore.