Mobile devices are a popular and necessary means to delivery efficient care nowadays. Unfortunately, they are also very vulnerable to cyber attack. That’s why when you’re ready to upgrade to a new device, you should take particular care on how you dispose of your hardware. Risk management under HIPAA requires covered entities and their business associates to protect patients’ protected health information (PHI), and that includes data available on electronic devices and media, maintains the HHS Office for Civil Rights (OCR) in its July 2018 Cybersecurity Newsletter. “Improper disposal of electronic devices and media puts the information stored on such devices and media at risk for a potential breach,” the guidance reminds. “Data breaches can be very costly to organizations.” Assess your disposal rules, analyze and investigate your HIPAA security compliance shortcomings, and then back up your findings with a comprehensive management plan. Because remember, not only do you endanger the livelihood of your practice with shoddy protocols, but you put your patients at risk, too. Resource: Take a look at the July 2018 issue of the OCR’s Cybersecurity Newsletter at www.hhs.gov/sites/default/files/cybersecurity-newsletter-july-2018-Disposal.pdf.