HIPAA Compliant Hard Drive Destruction
The HIPPA Privacy Rule requires organizations to follow certain guidelines when disposing of computer hard drives containing ePHI. In general, healthcare providers and covered entities must implement “reasonable” safeguards to the limit the exposure of ePHI all the way through destruction. We have addressed the three basics requirements for the secure and compliant destruction of hard drives and ePHI.
Covered entities must implement “reasonable” safeguards under HIPAA regulations to limit the disclosure of EPHI. The term “reasonable” is ambiguous, and covered entities should error on safe side for data destruction. For example, if physical hard drive shredding is available, erasing hard drives may no longer seem “reasonable” under HIPAA regulations. Also, if on-site data destruction is available, allowing a vendor remove PHI for off-site destruction may no longer be prudent.
Hard Drive Destruction Service
E-Waste Security can help you comply with the specific requirements associated with ePHI and hard drive destruction. We come to your location so you can witness and verify that your hard drives have been physically shredded. In addition, we provide you with a Certificate of Destruction with detailed serial number report for your records. HIPAA Security Standards, HIPPA Privacy Rules