Skip to Main Content
Services Talent Knowledge
Site Search
Menu
Home page
Services Talent Knowledge
Firm Facebook
Firm Linkedin
Firm Twitter
Close Menu

Featured Industries

New & Emerging Industry Practice Areas

Practice Areas

Blog Post

August 20, 2018

Sanitize Your Media or Face a Breach: OCR Cybersecurity Guidance Signals Importance of Proper Device and Media Disposal

Health care providers are data collectors. But what about when it comes to data disposal? The federal government recently identified risks in disposing of electronic devices and media in a July 2018 cybersecurity newsletter issued by the US Department of Health & Human Services Office for Civil Rights (OCR).

The newsletter highlights how improper disposal of electronic devices often leads to data breaches, which can be time consuming and expensive for a health care organization due to costs associated with notifications, government investigations, legal action, and the need for consultants and legal counsel. The newsletter suggests that organizations take an inventory of the type and location of data they maintain, create a data disposal plan, maintain a proper chain of custody, have proper security controls in place when moving certain equipment, and securely decommission devices and media.

For paper, film, and other hard copy media, protected health information (PHI) is considered to have been disposed of securely when these items have been shredded or destroyed so that the PHI cannot be read or reconstructed. Redaction is not a proper means of data destruction. For electronic media, PHI is considered to have been disposed of securely when the media is “cleared, purged, or destroyed consistent with NIST special publication 800-88 revision 1Guidelines for Media Sanitization” in a way that the PHI cannot be retrieved.

The guidelines indicate that organizations can outsource media sanitization and destruction but recommend that organizations exercise due diligence when entering this type of contract with another party. This can include reviewing an independent audit, obtaining references from reliable sources, requiring certain certifications, reviewing security policies or procedures, or taking other appropriate measures to determine the competency and integrity of the company.

If you have any questions regarding the content of this blog post, please contact Bridget Steele, associate, at bsteele@barclaydamon.com or 716.858.3704.

Recent Posts

Key Contacts

Bridget Steele

Counsel

Rochester 585.295.4429 Read More
About Bridget Steele

Subscribe

Click here to sign up for alerts, blog posts, and firm news.
Sign Up

Featured Media

Alerts

NYISO Capacity Market Update: Key Data Newly Released for Supplier Revenue for 2025–2026

Read More
About NYISO Capacity Market Update: Key Data Newly Released for Supplier Revenue for 2025–2026

Alerts

Department of Labor FLSA Salary Increases Vacated by District Court Judge

Read More
About Department of Labor FLSA Salary Increases Vacated by District Court Judge

Alerts

IRS Publishes Final Regulations on the Retirement of Tax-Exempt Bonds

Read More
About IRS Publishes Final Regulations on the Retirement of Tax-Exempt Bonds

Alerts

Website Accessibility Lawsuits: Several "Tester" Plaintiffs—Howard Wilson, Kalari Jackson Girtley, Vincent Clement, and Eslimerari Ramos—Targeting Businesses in Recent Flurry of Lawsuits

Read More
About Website Accessibility Lawsuits: Several "Tester" Plaintiffs—Howard Wilson, Kalari Jackson Girtley, Vincent Clement, and Eslimerari Ramos—Targeting Businesses in Recent Flurry of Lawsuits

Alerts

NYS Court of Appeals Holds Electronic Service of Appellate Division Order on Trial Court Docket Is Effective and Reiterates Service by One Is Not Service for All

Read More
About NYS Court of Appeals Holds Electronic Service of Appellate Division Order on Trial Court Docket Is Effective and Reiterates Service by One Is Not Service for All

Alerts

Website Accessibility Lawsuits: Several "Tester" Plaintiffs—Holger Fiallo, Kane Brolin, Chris Jackson, Roosevelt Bradley, and Melissa McCabe—Targeting Businesses in Recent Flurry of Lawsuits

Read More
About Website Accessibility Lawsuits: Several "Tester" Plaintiffs—Holger Fiallo, Kane Brolin, Chris Jackson, Roosevelt Bradley, and Melissa McCabe—Targeting Businesses in Recent Flurry of Lawsuits
Previous Alert
Next Alert
View All Alerts

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out