This policy is listed for reference only and should be reviewed with your lawyer before implementing them into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Device & Media Controls Media Re-use Policy

Reference: §164.310(d)(2)(ii)
Last Updated: October 13, 2023


The purpose of the Device and Media Control, Media Reuse Policy is to establish guidelines for the removal of ePHI from electronic media before the media is made available for re-use.



  • Device: For the purposes of this policy devices are considered to be electronic hardware (including but not limited to workstations, personal computers, servers, laptops, copiers, fax machines, and handheld units) with storage capability to record and save ePHI.
  • Storage Media: Including but not limited to disk drives, tapes, floppy disks, CD’s, zip disks, flash cards, USB memory sticks, optical disks, and hard copies.
  • Data sanitization. Data sanitization refers to the process of permanently and irreversibly removing or destroying data that is stored in a system or a component of the same such as memory device. Data Sanitization may also be used on standalone storage devices.

Any equipment or storage media that contains confidential, critical, internal use only, and/or private information will be sanitized by appropriate means or destroyed by the Security Officer or his/her appointed designee before the equipment/media is reused.

Specifically speaking, all devices with storage capabilities shall be sanitized prior to the re-issuance or repurposing of the device. In specific circumstances, and upon the approval of the Security Manager or designated representative, sanitization requirements may be modified or bypassed altogether.

Additional consideration prior to reusing any ePHI capable device include:

  • Hard drives, servers and printer/peripheral must be cleansed prior to transfer to a new user.
  • Temporary storage of data on “smart” devices such as photocopiers with internal hard drives or memory must be cleansed prior to transfer.
Simplify Your Compliance with
Software and Guided Coaching
Let your patients and clients know that you take HIPAA seriously with the HIPAA Seal of Compliance for your website, storefront, and marketing materials.

Get instant access to HIPAA Compliance News and Updates

You'll get your first checklist as soon as you sign up!

overlapping hands

Our Mission

To safeguard medical data by providing secure, reliable, and fully HIPAA-compliant hosting solutions, enabling healthcare professionals to focus on their primary mission of providing care.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram