Cyber Security and Disposing of Equipment

posted by Kathy Everitt on Thursday, January 31, 2019

Disposing of Equipment

When it comes time to replace equipment, cell phone, copiers, computers, USB drives and other removable media, remember to "wipe" all the personal health information contained within them before handing them off.

This includes giving devices to employees or organizations that accept donated computers or cell phones or make them available at a reduced price. 

The process of wiping the devices or tools clean is called “decommissioning” them.  The decommissioning takes place prior to disposal and should include:

  • Confirming the device or tool is thoroughly erased and securely destroyed or recycled
  • Maintaining a list of devices/tools which are decommissioned, when and how and by whom
  • If the decommissioning is taking place away from your premise, indicate when the device was last used and when it left your control
  • If a commercial organization is decommissioning the device/tools:
    •  Request a certificate of destruction
      • Certificate should list:
        • Manufacturer name of item, model and serial number
        • Method of destruction
        • Media type
        • Verification of destruction

In July, HHS issued the following reminder regarding disposing of equipment.  https://www.hhs.gov/sites/default/files/cybersecurity-newsletter-july-2018-Disposal.pdf  . 

You can find more detailed information from NIST at: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf 

Blog Author

Kathy Everitt

Senior Risk Management Consultant

Kathy brings with her more than 30 years of professional liabil...

Read More

BLOG CATEGORIES