How to destroy data on a hard drive to comply with HIPAA regulations

Looking to destroy HIPAA data on a hard drive? Learn the best way to destroy a hard drive to comply with HIPAA regulations in this expert response from David Mortman.

For my small medical practice, how do I comply with HIPAA regulations if I want to destroy patient data that has been stored on hard drives?

There are two options for the destruction of electronic data. The company can do it internally or hire someone to do it. If you are going the in-house route, necessary items will include an industrial-strength degausser or a high-end shredder. In addition, it will be necessary to document the processes and procedures of how the data was destroyed and when it was done.

Alternatively, there are third-party providers that destroy hard drives as a service. In this situation, the providers become a "business associate" (which under HITECH, the recent update to HIPAA, means they need to be HIPAA compliant as well). This means the provider must sign a contract that states it will follow appropriate procedures to protect the data until it is destroyed and then follow documented processes and procedures for the destruction of the data. Finally, they must also provide you with documented proof of the destruction of the data. Generally a third-party provider is the route I recommend. It outsources some of the risk and lets the company focus on other issues.

This was last published in November 2009

