Keeping your facility compliant with HIPAA data laws
One of the most important considerations for HIPAA-covered entities is how to dispose of Protected Health Information (PHI). It’s crucial that you can prove your patient information was disposed of properly when you are liquidating old equipment, which is why data destruction is an important step in the process.
HIPAA Compliant Hard Drive Destruction Requirements
The exact wording of HIPAA calls for “reasonable safeguards for data protection,” which means keeping all PHI out of the wrong hands. While data destruction is not specifically mentioned in the original HIPAA requirements, it still falls under the reasonableness principle for protecting patient information. When getting rid of any hardware that was used for PHI storage, complete data erasure must be guaranteed, according to the HITECH Act, which we will go into later.
PHI and your organization
When liquidating IT assets, you need to carefully assess the risk to patient information for different types of equipment. Any hardware that stores data in a HIPAA-covered workplace should be treated with all due consideration for these requirements. The best way to ensure that you meet standards is to wipe or destroy all data-bearing devices using HIPAA-compliant hard drive destruction strategies. CDR Global ensures complete data erasure on all of your equipment and will provide a certificate of destruction when requested. We offer the following data destruction and equipment recycling services:
- On-site and off-site hard drive shredding.
- DOD-compliant hard drive sanitization.
- Hard drive recycling.
You can protect yourself from HIPAA violations by witnessing your data destruction and receiving a certificate of destruction for your records.
What you need to know about HITECH
In 2009, the HITECH Act expanded upon some of the rules for HIPAA enforcement. Essentially, the act gives HIPAA some teeth: it adds penalties and requires notification of the media in the event of a data breach. It also removes the bar on imposition of penalties in the event of ignorance of the law. The government takes these regulations seriously, and representing a covered entity means that you should as well.
How to Protect Your Organization From HIPAA Penalties
CDR can help you take the necessary steps to make sure your covered entity is HIPAA compliant. You’ll need to make the following your priorities:
- Ensure that all outgoing information, including paper and hardware, is properly documented.
- Destroy all hard drives using HIPAA-compliant hard drive destruction strategies.
- Request a Certificate of Data Destruction to document thorough data destruction.
- Have a representative witness the destruction process or request a video copy.
- Request third-party testing to ensure complete data destruction.
CDR Global specializes in complete hard drive sanitization to recycle old hard drives and recover the value of your equipment. We use a DOD-compliant (Department of Defense) software program that checks every sector of the hard drive to ensure it can be completely purged. After multiple passes, if a hard drive fails it is shredded immediately, eliminating the risk to your organization. All data destruction and hard drive sanitization procedures come with a free report with line-item serial numbers and data erasure details for your records. We also accommodate on-site destruction if you need to witness sensitive information being destroyed. Hard drive shredding can be a time-consuming process, so we also offer video of data destruction to ensure HIPAA compliance. We take all of these steps because protecting your data is always our highest priority. There is a reason Fortune 500 companies choose CDR Global for their IT recycling; we take the extra steps the other guys won’t.
If you would like to hear more about HIPAA-compliant hard drive destruction, or how we can help, request more information online or give us a call directly at (405) 749-7989 or (888) 200-4731.