E-Waste Security

HIPAA Data Destruction Requirements – HIPAA Physical Safeguards


December 22, 2016 by Gary Scott News

The Health Insurance Portability and Accountability Act (HIPAA) requires organizations, including insurance companies, clinics, doctors’ offices and hospitals, to physically safeguard electronic protected health information (EPHI) stored on computer hard drives and on optical, flash and magnetic media.

PROTECT EPHI FROM UNAUTHORIZED ACCESS

There are three basic standards for physical safeguards to protect EPHI from unauthorized access or intrusion.  These are Facility Access Controls, Workstation Security and Device and Media Controls.  We will discuss Device and Media Controls – the process of digital data destruction and disposal such as hard drive destruction or shredding – in our next segment.

Facility Access Controls – Covered entities must establish:

  1. Contingency plan to restore lost data – Establish protocols that allow access to support restoration of data in the event of a disaster
  2. Security plan to safeguard against unauthorized physical access – Physical access controls allow only those individuals with legitimate business needs to access EPHI
  3. Access control to validate a person’s access – Processes to validate or deny access based on a person’s role or job function and the need to perform their tasks
  4. Maintenance records – Document changes to security equipment detailing the loss of authorized access to EPHI when an employee is terminated

HIPAA AND DIGITAL DATA DESTRUCTION VENDOR DUE DILIGENCE

RISK OF LIABILITY:  Do your policies and procedures identify individuals (employees, associates and contractors) with authorized physical access by title and/or job function?

Do you allow your electronic recycler or data destruction vendor to remove PCs or laptop computers for offsite destruction?

E-Waste Security is a NAID Certified digital data and hard drive destruction company.  We provide onsite destruction services to help comply with PHI destruction requirements associated with HIPAA and other data privacy laws.
