HIPAA Compliant Hard Drive Destruction

The HIPAA Privacy Rule requires organizations to follow certain guidelines when disposing of computer hard drives containing ePHI.  In general, healthcare providers and covered entities must implement “reasonable” safeguards to limit the exposure of ePHI all the way through destruction.  We have addressed the three basic requirements for the secure and compliant destruction of hard drives and ePHI.

Reasonable Process

“Reasonable” is a vague term when discussing the proper way to dispose of patient information.  Organizations shred paper documents because it wouldn’t be “reasonable” to throw them in the trash.  Just as with paper documents, shredding services are now available for computer hard drives.

Proper Documentation

Proper documentation is a HIPAA requirement.  All digital media leaving the organization needs to be inventoried and recorded to establish a proper chain-of-custody.  A Certificate of Destruction is the standard document provided to establish who destroyed the ePHI on computer hard drives.

Certified Vendor

HIPAA requires that healthcare organizations do their due diligence when hiring a third-party data destruction vendor.  This requirement can be met by doing your own research and vetting or by using a vendor that is certified by a recognized authority.

Covered entities must implement “reasonable” safeguards under HIPAA regulations to limit the disclosure of ePHI. The term “reasonable” is ambiguous, and covered entities should err on the safe side for data destruction. For example, if physical hard drive shredding is available, erasing hard drives may no longer seem “reasonable” under HIPAA regulations. Also, if on-site data destruction is available, allowing a vendor to remove PHI for off-site destruction may no longer be prudent.

Hard Drive Destruction Service

E-Waste Security can help you comply with the specific requirements associated with ePHI and hard drive destruction.  We come to your location so you can witness and verify that your hard drives have been physically shredded. In addition, we provide you with a Certificate of Destruction with a detailed serial number report for your records.