HIPAA Compliant Hard Drive Destruction

The HIPAA Privacy Rule requires organizations to follow certain guidelines when disposing of computer hard drives containing ePHI. In general, healthcare providers and covered entities must implement “reasonable” safeguards to limit the exposure of ePHI all the way through destruction. We have addressed the three basic requirements for the secure and compliant destruction of hard drives and ePHI. Reference: NIST 800-66 Guide for Implementing HIPAA Security Rule.

“For practical information on how to handle the disposal of computers and digital media containing ePHI – consult NIST 800-88, Guidelines for Media Sanitization” – Department of Health and Human Services 

Covered entities must implement “reasonable” safeguards under HIPAA regulations to limit the disclosure of ePHI. The term “reasonable” is ambiguous, and covered entities should err on the safe side for data destruction. For example, if physical hard drive shredding is available, erasing hard drives may no longer seem “reasonable” under HIPAA regulations. Also, if on-site data destruction is available, allowing a vendor to remove PHI for off-site destruction may no longer be in compliance with HIPAA.

E-Waste Security can help you comply with the specific requirements associated with ePHI and hard drive destruction. We come to your location so you can witness and verify that your hard drives have been physically shredded. In addition, we provide you with a Certificate of Destruction with a detailed serial number report for your records. References: HIPAA Security Standards, HIPAA Privacy Rules.