Data Destruction Guidelines: HIPAA Compliant Hard Drive Destruction
Information protection laws like the Health Insurance Portability and Accountability Act of 1996 (HIPAA) apply to:
- Hard drive destruction
- Destruction of its hard-copy counterparts
These laws are enforced through costly fines: HIPAA non-compliance penalties range from $100 to $50,000 per violation.
In 2010, Affinity Health Plan paid a $1.2 million fine for violating security rules after the hard drives in its copiers were found to still contain protected health information and other sensitive documents.
What is HIPAA Compliance?
HIPAA compliance means meeting the regulations HIPAA sets out for the security of medical information. Title II of HIPAA in particular establishes standards for:
- Who may access the data, and under what conditions
- How electronic healthcare transactions must be processed
- What is required to comply with the Department of Health and Human Services (HHS) privacy regulations
What is Hard Drive Destruction?
Hard drive destruction covers far more than the drives inside desktop and laptop computers: copiers, memory cards, phones and many other devices contain storage of their own.
Any electronic device that stores Personally Identifiable Information (PII) or protected health information should be destroyed safely. Items that fall under this category include:
- X-rays
- Badges
- SCSI drives
- Televisions
- Processors
- Backup tapes
- Mobile devices
- Magnetic tapes
- Gaming systems
- Audiovisual media
- Biomedical devices
- Flash drives or USBs
- Credit and Debit Cards
- Zip disks or floppy disks
- Microfiche and Microfilm
- Hard drives across different devices
- RAM-based and ROM-based storage
- Any other system or device that has held personal information
Hard Drive Destruction While Being HIPAA Compliant
HIPAA and other security and privacy regulations do not mandate a specific hard drive disposal method. Instead, they require reasonable safeguards to protect confidential information: media containing PII must be made inaccessible or unusable.
To keep your information safe, you must apply those reasonable safeguards when disposing of a hard drive. The difference between permanent and conventional data destruction lies in what actually happens to the hard drive sectors.
When you delete a document, the operating system only marks its sectors as free so they can be reused for new data; the original bytes stay on the drive until something overwrites them, so the data can still be recovered, leaving your clients' information exposed. Hard drive wipe software instead overwrites every sector with zeros, leaving nothing behind to recover.
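The overwrite-then-verify step described above, as an added Python example that is not part of the original article. It zero-fills a file in place, flushes the writes to the device, reads the file back to confirm no non-zero byte survived, and only then unlinks it; the sample file contents are constructed for the demo.

```python
import os
import tempfile

CHUNK = 1 << 20  # overwrite and verify in 1 MiB chunks
# Constructed sample record standing in for a file that held PHI.
SAMPLE_RECORD = b"patient: Jane Doe, MRN 000000, dx: ...\n"


def zero_fill(path: str) -> int:
    """Overwrite every byte of the file with zeros and return the byte count.

    The file is opened read/write without truncation so the existing on-disk
    blocks are rewritten instead of new blocks being allocated for the zeros.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        remaining = size
        while remaining > 0:
            n = min(CHUNK, remaining)
            fh.write(b"\x00" * n)
            remaining -= n
        fh.flush()
        os.fsync(fh.fileno())  # push the zeros through the OS cache to the device
    return size


def verify_zeroed(path: str) -> bool:
    """Read the file back and confirm that no non-zero byte remains."""
    with open(path, "rb") as fh:
        while block := fh.read(CHUNK):
            if block.count(0) != len(block):
                return False
    return True


def wipe_file(path: str) -> dict:
    """Overwrite, verify, then unlink; return a record for the destruction log."""
    written = zero_fill(path)
    clean = verify_zeroed(path)
    if clean:
        os.remove(path)  # only discard the name once the contents are gone
    return {"path": path, "bytes_overwritten": written, "verified": clean}


def demo() -> dict:
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(SAMPLE_RECORD * 1000)
    return wipe_file(path)


if __name__ == "__main__":
    print(demo())
```

Overwriting a file's logical blocks does not reach remapped sectors, copies held elsewhere on the filesystem, or flash media that relocates writes internally, which is why retiring a whole device still calls for a full-device wipe or the physical shredding this article recommends.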
Use a Certified Data Destruction Vendor
If you use a third-party data destruction vendor, you must perform the due diligence HIPAA regulations require. That means researching the vendor yourself to determine:
- Whether they meet all the requirements of a proper data destruction vendor
- Whether a vendor already certified by a recognized authority is available to you
Proper Documentation of Hard Drive Destruction
Once a hard drive is disposed of, you should hold documentation that proves it. A Certificate of Destruction serves this purpose: it records the method of destruction together with:
- How many units were destroyed
- The serial numbers of each unit
- Where the destruction took place
- What type of units were destroyed
- Who witnessed the hard drive destruction
All digital media leaving your company must be inventoried and recorded so that you can establish a proper chain of custody.
The Bottom Line
Knowing how to destroy a hard drive while being HIPAA compliant is a part of your job as a Covered Entity.
Make sure to follow all state laws related to hard drive destruction. When it's time for hard drive destruction, use an irreversible method of data destruction like shredding.
At I-Shred, security and efficiency are a priority. I-Shred offers stress-free onsite shredding to save you time and ensure your documents are destroyed properly, which is why we also offer recurring service to small businesses. We are dedicated to helping you save time and money when it comes to secure document destruction. Contact us today!