Home HIPAA Controls 164.310(b)
164.310(b) Physical Safeguards

Media Controls

High Risk Moderate Medium

Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain ePHI into and out of a facility, and the movement of these items within the facility.

Implementation Guidance

Develop comprehensive media control policies including:
• Media receipt and removal procedures
• Media movement and tracking procedures
• Media sanitization and disposal procedures
• Media inventory and management procedures
• Media security and protection procedures
• Media access control procedures

Key components:
- Media receipt and removal
- Media movement tracking
- Media sanitization
- Media inventory management
- Media security controls
- Media access controls

Required Documentation

• Media control policies and procedures
• Media receipt and removal procedures
• Media movement and tracking procedures
• Media sanitization and disposal procedures
• Media inventory and management procedures
• Media security and protection procedures
• Media access control procedures

Best Practices

• Develop comprehensive media control policies
• Implement effective media tracking
• Use proper media sanitization methods
• Maintain accurate media inventory
• Implement strong media security controls
• Control access to media
• Regular review and update of procedures

Common Violations

• Lack of media control policies
• Inadequate media tracking procedures
• Insufficient media sanitization
• Poor media inventory management
• Inadequate media security controls
• Insufficient media access controls

Testing Procedures

• Review media control policies
• Test media tracking procedures
• Verify media sanitization methods
• Review media inventory management
• Test media security controls
• Verify media access controls
• Review policy compliance

Implementation Resources

Download expert-developed templates and checklists to implement this control:

Implementation Checklist
Policy Template

Quick Facts

Control ID 164.310(b)
Category Physical Safeguards
Risk Level High
Difficulty Moderate
Est. Cost Medium
Timeframe 2-4 months
Last Updated Mar 1, 2026
Get Expert Help Free Assessment

Related Controls

Explore other controls in the Physical Safeguards category.

164.310(c) High

Device and Media Controls

Implement policies and procedures to address the final disposition of ePHI, and/or the hardware or electronic media on which it is stored....

164.310(a)(1) High

Facility Access Controls

Implement policies and procedures to limit physical access to electronic information systems and the facility or facilities in which they are housed, ...

164.310(a)(2) Medium

Workstation Use

Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the ...

Need Help Implementing This Control?

Our certified HIPAA experts can help you implement this control correctly and efficiently.

Contact Our Experts View All Controls