The HIPAA security rule, which takes effect April 16, 2005, requires physician offices to take appropriate steps to assure the security and confidentiality of their patients’ electronic medical records and other protected health information. This means that every time you dispose of, donate, or recycle a computer or other device used to store or transmit protected health information, you must make sure that information is completely erased and unretrievable.
It is important that your staff be aware that using a computer’s “delete” function or sending data to the computer’s “recycle bin” will not erase the data from internal storage. To properly erase data from a computer hard drive or other electronic storage media (disks, tapes, etc.) you must either reformat the disk or use a commercially available disk-cleaning program. There are companies that specialize in physically removing and destroying old computer equipment. These companies will provide you with written certification that your data has been properly destroyed. Remember, when you use a company to destroy protected health information they are acting as a “business associate” and you need to have a HIPAA-compliant business associates’ agreement in place.
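The paragraph above makes two points that are easy to state and easy to get wrong in practice: “delete” removes only the directory entry and leaves the bytes on the media, and erasure is only complete when the media itself, not the file listing, has been checked. The following is an added illustration, not code from the CMA page or from any product it refers to. It uses a constructed in-memory disk image with a toy directory to stand in for a real file system, a constructed sample patient record, and a `sanitize` method that models what a disk-cleaning program does: overwrite every block on the medium (allocated or not) and then verify against the raw bytes.

```python
"""Toy disk image: why 'delete' is not 'erase', and how sanitization is verified.

Everything here is constructed for illustration. The layout (a directory of
name -> blocks, with file bytes stored separately in data blocks) mirrors the
one property of real file systems that matters for disposal: deleting a file
updates metadata and leaves the data blocks untouched.
"""
import secrets

BLOCK_SIZE = 64      # bytes per block (toy value)
BLOCK_COUNT = 32     # a 2 KiB "disk"


class ToyDisk:
    def __init__(self):
        self.blocks = bytearray(BLOCK_SIZE * BLOCK_COUNT)   # the raw medium
        self.directory = {}        # name -> (first_block, block_count)
        self._next_free = 0

    def write_file(self, name, data):
        n_blocks = -(-len(data) // BLOCK_SIZE)              # ceiling division
        if self._next_free + n_blocks > BLOCK_COUNT:
            raise OSError("disk full")
        start = self._next_free
        offset = start * BLOCK_SIZE
        self.blocks[offset:offset + len(data)] = data
        self.directory[name] = (start, n_blocks)
        self._next_free += n_blocks

    def read_file(self, name):
        start, n_blocks = self.directory[name]              # KeyError if deleted
        offset = start * BLOCK_SIZE
        return bytes(self.blocks[offset:offset + n_blocks * BLOCK_SIZE])

    def delete_file(self, name):
        """The 'delete' / 'recycle bin' operation: drops the directory entry only.
        The data blocks are not touched."""
        del self.directory[name]

    def raw_contains(self, marker):
        """What a recovery tool does: scan the raw medium, ignoring the directory."""
        return marker in self.blocks

    def sanitize(self):
        """Model of a disk-cleaning program: overwrite the whole medium, not just
        the blocks the directory says are in use, then clear the directory.
        A random pass is followed by a zero pass so the result can be verified."""
        self.blocks[:] = secrets.token_bytes(len(self.blocks))
        self.blocks[:] = bytes(len(self.blocks))
        self.directory.clear()
        self._next_free = 0

    def verify_sanitized(self):
        """Read back every byte of the medium and confirm the final pattern."""
        return not any(self.blocks)


def demo():
    """Returns (recoverable_after_delete, recoverable_after_sanitize)."""
    disk = ToyDisk()
    # Constructed sample record; no real patient data.
    phi = b"PATIENT: Jane Doe  MRN: 000-CONSTRUCTED-000  DX: sample"
    disk.write_file("chart.txt", phi)

    disk.delete_file("chart.txt")
    listed = "chart.txt" in disk.directory             # False: the file is "gone"
    after_delete = disk.raw_contains(b"Jane Doe")      # True: the bytes are still there

    disk.sanitize()
    after_sanitize = disk.raw_contains(b"Jane Doe")    # False
    assert not listed and disk.verify_sanitized()
    return after_delete, after_sanitize


if __name__ == "__main__":
    print(demo())
```

The check that matters for disposal is `raw_contains` / `verify_sanitized`, which look at the medium rather than the file listing; a written certification from a destruction vendor is the paper equivalent of that verification step.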
To ensure that proper information disposal procedures are followed in your office, you or your designated “security official” should establish a written disposal policy. (For more information on security officials’ duties and requirements, click here.)
Remember, HIPAA applies to any device that contains electronic protected health information, including but not limited to desktop, laptop, and handheld computers, backup disks, tapes or CDs, and even diagnostic equipment such as stress-test treadmills and ultrasound machines.
For an overview of the security rule, see ON-CALL document #1607, “HIPAA Security Rule.” To download a business-associates-agreement template, see ON-CALL document #1602. ON-CALL documents are free to members at CMA's members-only website. Nonmembers can purchase ON-CALL documents from CMA's online bookstore.
Detailed information on disposing of electronic health information is included in the CMA/PrivaPlan HIPAA Privacy and Security Toolkit. The toolkit also contains all the information, forms and help you need to comply with the HIPAA privacy rules and regulations. CMA members can purchase the toolkit for $325 (nonmember price is $495). For more information on the toolkit, click here.
For more HIPAA information, visit the HIPAA Help Center.
Contact:
CMA's legal information line, 415/882-5144 or legalinfo@cmanet.org.