Is there a Lack of Guidelines on the Re-Use of Hardware or Electronic Media for Healthcare?

Join Our Mailing List 

What to do to mitigate risk

Shahid N. Shah MS

[By Shahid N. Shah MS]

It is a common scenario that the hardware and electronic media are re-used instead of being simply disposed. They can be reused either internally within the healthcare organization or they can be resold or donated to other organizations/individuals.

Whatever may be the nature of reuse, it is important that all ePHI are completely erased using official government approved wiping methods, before it is given out for re-use. If this is not done, there are fairly high chances of the data being exposed and there by compromising ePHI.

Major Mitigation

Specific policies and procedures needs to be defined which clearly provides guidelines on the measures to be adopted when hardware or electronic media are reused. Often the risks associated with internal reuse of these media are overlooked, and as such there are no guidelines. Even if it is internal reuse, the same level of risks associated with unauthorized access exists here. 

Secondary Mitigation

Policies and procedures which advocates the use of logs and book keeping for these reuse would help to track these media in a better way. 

Success criteria

Audit of the logs and book keeping records will provide the information on whether the policies are being followed. And, the risk assessment report will give a clearer picture whether this risk has been mitigated or not.


working with computer



Mr. Shahid N. Shah is an internationally recognized healthcare thought-leader across the Internet. He is a consultant to various federal agencies on technology matters and winner of Federal Computer Week’s coveted “Fed 100″ Award, in 2009. Over a twenty year career, he built multiple clinical solutions and helped design-deploy an electronic health record solution for the American Red Cross and two web-based eMRs used by hundreds of physicians with many large groupware and collaboration sites. As ex-CTO for a billion dollar division of CardinalHealth, he helped design advanced clinical interfaces for medical devices and hospitals. Mr. Shah is senior technology strategy advisor to NIH’s SBIR/STTR program helping small businesses commercialize healthcare applications. He runs four successful blogs: At he writes about architecture issues; at he provides valuable insights on applying technology in health care; at he advises senior federal technologists; and at he gives a glimpse of HIT as an aggregator. Mr. Shah is a Microsoft MVP (Solutions Architect) Award Winner for 2007, and a Microsoft MVP (Solutions Architect) Award Winner for 2006. He also served as a HIMSS Enterprise IT Committee Member. Mr. Shah received a BS in computer science from the Pennsylvania State University and MS in Technology Management from the University of Maryland. 


Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact:




  Risk Management, Liability Insurance, and Asset Protection Strategies for Doctors and Advisors: Best Practices from Leading Consultants and Certified Medical Planners™Comprehensive Financial Planning Strategies for Doctors and Advisors: Best Practices from Leading Consultants and Certified Medical Planners™


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: