The U.S. Department of Health and Human Services Office for Civil Rights has guidance on disposing of electronic devices. Employers should make sure they properly dispose of desktops, laptops, copiers, servers, smart phones, hard drives, etc. (“electronic devices”) so that sensitive information on those devices does not cause a data breach.
Electronic devices that need to be replaced should be decommissioned and disposed of securely.
Decommissioning involves taking the hardware out of service. This includes the following steps:
For electronic devices with protected health information under HIPAA, proper disposal is when the media on which the PHI is stored or recorded has been destroyed in one of the following ways