HIPAA Physical Safeguards

We must remember at all times that DATA IS PORTABLE: it is transferred from device to device, and computers can be moved from sensitive areas to general use.

Computers are full of unwanted data. To ensure HIPAA compliance:

  • Facility access controls must be implemented – Procedures have to be introduced to record any person who has physical access to the location where ePHI is stored. This includes software engineers, cleaners and even a handyman coming to change a light bulb. The procedures must also include safeguards to prevent unauthorized physical access, tampering, and theft.
  • Policies relating to workstation use – Policies must be devised and implemented to restrict the use of workstations that have access to ePHI, to specify the protective surrounding of a workstation (so that the screen of a workstation cannot be overlooked from an unrestricted area) and to govern how functions are to be performed on the workstations.
  • Policies and procedures for mobile devices – If mobile devices are to be allowed access to ePHI, policies must be devised and implemented to govern how ePHI is removed from the device before it is re-used.
  • Inventory of hardware – An inventory of all hardware must be maintained, together with a record of the movements of each item. A retrievable exact copy of ePHI must be made before any equipment is moved.

Contact Secure Data Recycling and we can help you build an inventory of your IT assets, where they are used and what they are used for.

This makes sure any physical movement is recorded and logged for audit purposes.

Securing your data is not just an end-of-life issue. Contact Secure Data Recycling to understand more.