It is the responsibility of the HIPAA-regulated entity to ensure that personal information is properly destroyed. Businesses, organizations and facilities must make sure the electronics recycling company they choose is conversant with HIPAA regulations and can guarantee the proper care of hardware in its custody, the security of data, and the complete destruction of all sensitive and confidential information.
Is your computer and electronics recycler HIPAA compliant?
The Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) sets privacy and security standards for the handling, use and disclosure of Protected Health Information (PHI); see http://www.hhs.gov/ocr/privacy/. The purpose of these measures is to protect the confidentiality and safety of patient information no matter what form that data takes: written reports, dictation tapes, computer discs, hard drives, printed reports, cell phone applications, mobility devices or any other medium.
HIPAA Rules, Regulations and Requirements
HIPAA Security Rules require that HIPAA-regulated entities implement policies and procedures to address the final disposition of electronic protected health information (ePHI) and the hardware or electronic media on which it is stored, as well as to remove all such data from electronic media before these media are made available for re-use.
These regulations include specific instructions for the disposal of all these records, and failure to abide by them can result in hefty fines, potential patient lawsuits or bad publicity. Per HIPAA regulations, depositing PHI in a trash receptacle accessible to the public is not an appropriate privacy or security safeguard. Businesses need to take a step further and protect themselves with a HIPAA-compliant recycler.
What do you do to ensure your organization adheres to HIPAA regulations when your IT department decides to dispose of old electronics and update to newer systems?
HIPAA regulations specifically allow for hiring an outside vendor to “pick up PHI in paper records or on electronic media from its premises, shred, burn, pulp, or pulverizes the PHI, or purge or destroy the electronic media, and deposit the deconstructed material in a landfill or other appropriate area.”
Per the HIPAA privacy and security rules, appropriate methods for removing ePHI from electronic media prior to reuse or disposal may be by clearing (using software or hardware products to overwrite media with non-sensitive data) or purging (degaussing or exposing the media to a strong magnetic field in order to disrupt the recorded magnetic domains) the information from the electronic media. If circumstances warrant the destruction of the electronic media prior to disposal, destruction methods may include disintegrating, pulverizing, melting, incinerating, or shredding the media.
Covered entities may contract with business associates to perform these services for them.
Who can you count on for HIPAA compliancy?
If your business needs to properly sanitize or destroy data-containing devices, you can count on Southeastern Data to ensure data security and 100% HIPAA compliancy.
Southeastern Data (SED) is a full-service IT Asset Management and Electronics Recycling Company that specializes in helping organizations manage their surplus, obsolete and electronic waste materials through responsible and cost-effective electronics recycling and remarketing solutions.
For more information or to learn more about HIPAA-compliant e-recycling services, contact Southeastern Data at 1-800-810-0432 or by email at