HIPAA & Disposal of Protected Health Information

Is your organization required to comply with HIPAA privacy standards? If so, you’ve probably heard the term PHI – which is short for Protected Health Information. In the past we’ve written about how Protected Health Information must be rendered “Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” — and that leads HIPAA covered entities and business associates to be especially careful about encryption at rest, encryption in transit, and authentication.

However, today we’d like to take a step beyond that, to a day that no one enjoys but everyone experiences at some point. What happens when a hard drive containing Protected Health Information fails? The problem that most organizations face on that day is uncertainty about how to dispose of this type of storage device when they don’t have the luxury of using software-based utilities to clear its contents.

HIPAA-Compliant Disposal of Protected Health Information

HIPAA & Media Sanitization: Clear, Purge, and Destroy

If you are subject to HIPAA (either as a Covered Entity or as a Business Associate), you may have heard that you have Media Sanitization obligations. Any time you take a storage device (like a laptop with a hard drive) and dispose of it, sell it, or otherwise transfer it, you need to pause briefly to make sure you follow your media sanitization obligations. We find much of the material on this to be written in a way that is extremely hard for anyone but an IT / HIPAA specialist to understand, so we're writing this article in plain language to cover some of the key points.

HIPAA Media Sanitization

Protected Health Information: A Cybersecurity Perspective

If your organization has HIPAA obligations — either as a Covered Entity or a Business Associate — you’ve probably heard the term Protected Health Information. The term is often shortened to PHI amongst industry insiders, and understanding it is crucial to standing up a strong cybersecurity perimeter to honor your HIPAA obligations. Although your HIPAA obligations are a mix of privacy and security obligations (and beyond), here we’ll talk mostly about security of three particular types of information that are definitely a part of the patient records covered by HIPAA.

HIPAA Protected Health Information