How to destroy data on a hard drive to comply with HIPAA regulations
Looking to destroy HIPAA data on a hard drive? Learn the best way to destroy a hard drive to comply with HIPAA regulations in this expert response from David Mortman.
For my small medical practice, how do I comply with HIPAA regulations if I want to destroy patient data that has...
Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
been stored on hard drives?
There are two options for the destruction of electronic data. The company can do it internally or hire someone to do it. If you are going the in-house route, necessary items will include an industrial-strength degausser or a high-end shredder. In addition, it will be necessary to document the processes and procedures of how the data was destroyed and when it was done.
Alternately, there are third-party providers that destroy hard drives as a service. In this situation, the providers become a "business associate" (which under HITECH, the recent update to HIPAA, means they need to be HIPAA compliant as well). This means the provider must sign a contract that states it will follow appropriate procedures to protect the data until it is destroyed and then follow documented processes and procedures for the destruction of the data. Finally, they must also provide you with documented proof of the destruction of the data . Generally a third-party provider is the route I recommend. It outsources some of the risk and lets the company focus on other issues.
- Get more guidance on HIPAA data destruction requirements.
- Learn about encrypting data-at-rest to meet HITECH requirements.