![]() Once a hard drive is destroyed, you must have adequate documentation proving it.Ī Certificate of Destruction will cover this, as it outlines the method of destruction, how many units were destroyed, what type of units, the serial numbers of every unit, where the destruction occurred (on-site or off-site), and finally, who witnessed the destruction of the drives.Īlso, all digital media leaving your organization has to be inventoried and recorded so that you can establish a proper chain-of-custody. ![]() Meaning that you conduct your own research and vetting to decide whether or not they meet all the requirements to be a proper destruction vendor, or you can choose one that is already certified by a recognized authority. When hiring a third-party destruction vendor, HIPAA regulations require you to do proper due diligence. So, for hard drives, physically destroying the hard drive is now the norm whereas merely erasing the data is no longer "reasonable" under HIPAA regulations. For example, you should be shredding any documents you have with private data or information on it as opposed to just throwing them away. The best way to understand this is to think of all the ways you can get rid of sensitive information to ensure that it doesn't get in the wrong hands. The rule requires organizations that are considered covered entities to implement "reasonable" safeguards when it comes to getting rid of hard drives. But, there is some vagueness to these rules. The HIPAA Privacy Rule requires organizations to follow specific guidelines for destroying a hard drive. This is where learning the HIPAA compliant hard drive destruction process can prove tremendously valuable. ![]() To ensure that your information is safe, you must take the necessary precautions when getting rid of a hard drive. There is no way to be sure that all the data on a hard drive is clean, and if it gets into the wrong hands, you may be looking at some hefty fines. Simply throwing out a hard drive that contains confidential information - such as patient data - puts your practice at serious risk. However, for covered entities under HIPAA, it's something that must be done from time to time. Destroying a hard drive might sound like something reserved for a James Bond-type spy and espionage thriller.
0 Comments
Leave a Reply. |