Home Health & Hospice Week

Industry Note:

Don't Let Device Disposal Break Your HIPAA Compliance

How careful are you when it comes to disposing of your agency’s electronic devices? If you’re not careful enough, you could be violating HIPAA.

Risk management under HIPAA requires covered entities and their business associates to protect patients’ protected health information (PHI), and that includes data available on electronic devices and media, maintains the HHS Office for Civil Rights in its July 2018 Cybersecurity Newsletter.

“Improper disposal of electronic devices and media puts the information stored on such devices and media at risk for a potential breach,” the guidance reminds. “Data breaches can be very costly to organizations.”

Assess your disposal rules, analyze and investigate your HIPAA security compliance shortcomings, and then back up your findings with a comprehensive management plan. Because remember, not only do you endanger the livelihood of your agency with shoddy protocols, but you put your patients at risk, too.

Resource: Take a look at the July 2018 issue of the OCR’s Cybersecurity Newsletter at www.hhs.gov/sites/default/files/cybersecurity-newsletterjuly-2018-Disposal.pdf.

Other Articles in this issue of

Home Health & Hospice Week

View All