Health Insurance Portability and Accountability Act (HIPAA)

The final rule adopting HIPAA standards for the security of electronic health information was published in the Federal Register on February 20, 2003. This Final Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information.

The requirements and implementation features for Device and media controls are presented at § 164.310 (d) of this rule. The following depicts the requirements and implementation features for the Device and media controls category.


Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of a facility, and the movement of these items within the facility.


Disposal (Required): Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored.

Media re-use (Required): Implement procedures for removal of electronic protected health information from electronic media before the media are made available for re-use.

Accountability (Addressable): Maintain a record of the movements of hardware and electronic media and any person responsible therefore.

Data backup and storage (Addressable): Create a retrievable, exact copy of electronic protected health information, when needed, before movement of equipment.

We can help ensure your compliance. Call 1-800-225-7554 or complete the form below to get a copy of the most current regulations regarding HIPAA.

Enter the characters shown in the image.