How to Stay HIPAA Compliant When Recycling Hard Drives

As doctors and hospitals are increasingly pushed in the direction of digitizing patient data, moving records to digital media and making data available to digital access points, that data becomes less—not more—secure.

Thanks to HIPAA rules and laws, there are strict requirements for protecting patient health information stored on the computers or other media before its disposal or reuse. This is especially true when records need to be physically moved from one location to another, or when recycling hard drives.

There are measures that can be taken in order to secure that data. So when surplus medical equipment needs to be reused or disposed of, keep the following in mind.

Because of HIPAA, protecting data and the identities, individual rights and medical information of patients is a top priority. That said, how are doctors and hospitals meant to protect that data once it leaves their care, such as in the case of recycling hard drives? Simply wiping a hard disk or a series of portable storage drives is not enough since the data is still recoverable. The drive itself would need to be replaced.

This process should be done through an e-waste recycling service that has a proven track record with surplus medical equipment.

To show that this data destruction has been carried out satisfactorily, HIPAA also requires that the recycling of hard drives must be documented in detail. A certificate of data destruction shows that the hospital or medical practice is indeed carrying out their due diligence when it comes to the destruction of patient data.

An example of that documentation can include a manifest of serial numbers of all equipment that once stored patient data and has since been destroyed. This helps doctors and hospitals prepare for JCAHO audits of existing practices and policies concerning patient data safety and security.

Further certification is awarded by HITECH on the grounds of adequate electronic health records maintenance. EHR maintenance includes the storing and elimination of patient data. HITECH also helps hospitals and doctors analyze other digital information to help them operate more efficiently.

Bottom line: Following hospital procedures are very important, and storing patient health information is a challenge, especially when you need to dispose of medical equipment. Compliance with laws concerning the securing and destruction of patient data records is not an option.

When you’re working with an e-recycler to dispose of that equipment, make sure they’re familiar with hospital procedures and healthcare laws so that every step is followed properly and your patients’ privacy is kept as a top priority.

Surplus Service is a San Francisco, CA Bay Area-based award-winning e-waste management business that specializes in ITAD, medical recycling, electronic liquidation, reverse logistics and data eradication. As the No. 1 electronic reuse and recycling leader, our goal is to provide eco-friendly solutions that lead to the reuse of electronics rather than just having them recycled or end up in a landfill. To learn more about us, call one of our e-waste recycling specialists at (510) 226-0600 or email us at Info@SurplusService.com.