How to destroy data on a hard drive to comply with HIPAA regulations

Looking to destroy HIPAA data on a hard drive? Learn the best way to destroy a hard drive to comply with HIPAA regulations in this expert response from David Mortman.

David Mortman, Dell

For my small medical practice, how do I comply with HIPAA regulations if I want to destroy patient data that has...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

been stored on hard drives?

There are two options for the destruction of electronic data. The company can do it internally or hire someone to do it. If you are going the in-house route, necessary items will include an industrial-strength degausser or a high-end shredder. In addition, it will be necessary to document the processes and procedures of how the data was destroyed and when it was done.

Alternately, there are third-party providers that destroy hard drives as a service. In this situation, the providers become a "business associate" (which under HITECH, the recent update to HIPAA, means they need to be HIPAA compliant as well). This means the provider must sign a contract that states it will follow appropriate procedures to protect the data until it is destroyed and then follow documented processes and procedures for the destruction of the data. Finally, they must also provide you with documented proof of the destruction of the data . Generally a third-party provider is the route I recommend. It outsources some of the risk and lets the company focus on other issues.

More on this topic

HIPAA business associate agreement (BAA)

Is destroying a decryption key a strong enough security practice?

HIPAA and HITECH compliance: Who should perform assessments?

Does ISO 27001 certification mean HIPAA and HITECH compliance?

Please create a username to comment.

3 steps to ensure data sovereignty in cloud computing

Cloud security risks and the countermeasures you need now

Enhance your cloud threat protection with 5 tools, and more

Evolution of WLAN technology improves data rates, security

Future of wireless communications unifies 5G and Wi-Fi 6

SASE market emerges as the 'wave of the future'

Dell, PwC, Peapod accelerate digital transformation initiatives

4 ways CIOs can drive IT cost savings during the pandemic

Post COVID-19 strategies for CIOs on leading through crisis

Microsoft launches Windows File Recovery tool

Citrix microapps look to ease office reopening

VMware Workspace One unifies reshaped digital workforces

SUSE buys Rancher Labs for Kubernetes expertise

Why enterprises choose multi-cloud environments

Oracle Cloud at Customer adds Dedicated Regions

Security Think Tank: Ignore AI overheads at your peril

Consistent trust gap in contact-tracing apps in US, Europe

AWS HPC tech selected to help Ineos Team UK secure first British victory in the America’s Cup

More on this topic

Related Resources

Dig Deeper on HIPAA

HIPAA business associate agreement (BAA)

Is destroying a decryption key a strong enough security practice?

HIPAA and HITECH compliance: Who should perform assessments?

Does ISO 27001 certification mean HIPAA and HITECH compliance?

Related Q&A from David Mortman

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.