HIPAA Requirements for Medical Equipment Disposal

When disposing of medical equipment, all requirements and regulations set by HIPAA must be followed throughout the entire process in order to avoid any violations.

  1. First, you must completely remove electronic protected health information (ePHI) from all devices being disposed of.
  2. If the device links to the patient health record and saves any patient-identifying information, the internal storage device should be removed and destroyed.
  3. If for some reason a hard drive with patient information is found after the device has been released from your facility, be sure that your third-party equipment vendor is well versed in the process for finding, removing, and destroying patient information. Best practice is to ensure and document a chain of custody.
  4. Reset all retired devices to their factory defaults.

Best Practices for Managing ePHI in Medical Equipment

Following a set process with documentation and validation leaves very little room for cybersecurity risk. Whatever the reason for removing a medical device from active use, you will need to follow an orderly decommissioning procedure, which should include:

  • Deleting stored data
  • Decontaminating the device
  • Removing any identifiable labels or markings
  • Dismantling or shredding the device so that it cannot be used
  • Disposing of hazardous or e-waste in a safe and environmentally friendly manner

ZRG Medical follows strict R2/SERI standards for managing all hospital equipment and electronic waste. ZRG can safely process sensitive data, releasing the facility from liability to ensure no risk of violations. By aligning our solutions with our customers’ goals, we can offer a personalized plan to solve asset disposition needs as efficiently as possible.