We Know Healthcare
Healthcare and IT
One of the most important IT considerations for healthcare organizations is how to dispose of equipment that contained Protected Health Information (PHI) in accordance with HIPAA standards.
The exact wording of HIPAA calls for “reasonable safeguards for data protection” - essentially, keeping all PHI out of the wrong hands. To keep your facility compliant with HIPAA data laws, it’s crucial that complete data erasure is guaranteed when you get rid of old equipment that was used for PHI storage. The best way to ensure that you meet these standards is to wipe or destroy all data-bearing devices using HIPAA-compliant hard drive destruction strategies.
CDR Global offers the following services for maximum security:
- Certificates of Data Destruction, which provide a detailed audit of all cleansed devices
- Videotaping of on-site hard drive destruction
- Witnessed on-site hard drive destruction
- On-site hard drive sanitization
- Secure shipping
Use these tips to make sure you are HIPAA compliant and to protect your organization from penalties.
- Ensure that all PHI that is being disclosed or sent out, including paper and hardware, is properly documented and safely sent.
- Destroy all hard drives containing sensitive information with HIPAA-compliant hard drive destruction strategies.
- Request a Certificate of Data Destruction to document thorough data destruction.
- Have a representative witness the destruction process - or request a video copy.
- Request third-party testing to ensure complete data destruction.
HITECH Act - What You Should Know
In 2009, the HITECH Act (Health Information Technology for Economic and Clinical Health) expanded upon some of the rules for HIPAA enforcement. The act added penalties for failure to meet standards and required notification of the media in the event of a data breach. It also allowed penalties to be imposed even when the organization was ignorant or unaware of the law. At CDR, we ensure that all data and patient information is destroyed.