Physical Safeguard Standard, Device and Media Controls: Media Re-use Implementation Specification - What to Do and How to Do It

May 20, 2009 · HIPAA Law

In our series on the HIPAA Administrative Simplification Security Rule, Device and Media Controls is the fourth and last Physical Safeguard Standard.  Media Re-use is the second of four implementation specifications, and it is required.  As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009.

What to Do

A covered entity must implement procedures for removal of electronic protected health information from electronic media before the media are made available for re-use.

How to Do It

A covered entity must delete any electronic protected health information on electronic media prior to re-use of the media.  The covered entity should consult with its hardware and software vendors to determine methods that work best for deleting electronic protected health information from electronic media that are to be re-used.  This includes moving electronic protected health information from one workstation to another within a covered entity as job responsibilities change for workforce members.  The covered entity’s Security Official should ensure that electronic protected health information is backed up and in secure storage prior to deleting electronic health information on subject electronic media.

Since publication of the final Security Rule on February 20, 2003, in the Federal Register, new storage media such as flash drives have become ubiquitous and costs of storage media have fallen significantly, with the result that replacing electronic storage media is relatively inexpensive.  Accordingly, as part of its risk analysis, a covered entity should consider the destruction, rather than re-use, of any electronic media that contain electronic protected health information as an appropriate risk mitigation strategy.
