Does your medical practice have old computers lying around or in a storage area? These computers could be there because your practice just upgraded or replaced computers. You have kept the old ones around in case you needed important information off of them. This reason of “could have important information” on it is the same reason proper disposal and reuse of the computers is important.
When you recycle computer(s) or give it to your young nephew to use, you might think just deleting information on it or even formatting hard drive is good enough. Not so. If these computers end up in the wrong hands, identity thieves can use simple recovery tools to get information on it. This includes electronic Protected Health Information (ePHI). Your medical practice always wants to reduce the risk of this breach happening.
Before disposal and reuse, your practice wants to be sure to have the computers “wiped” before having them end up somewhere else. Wiping is using a program to write over the current “1s” and “0s” on your hard dive(s). We use a program called Active Kill to wipe. The program also helps us document that we did it.
Some could argue that wiping is not good enough. In our opinion, wiping is definitely “reasonable and appropriate” to reduce the risk of an ePHI breach. Especially, after wiping, if you recycle PC at a reputable place. Then the chances someone getting data off are reduced from slim to none.
Because of HIPAA Security Rule 164.310(d)(1), you need a policy and procedure implementing this wiping technology to make sure electronic Protected Health Information is hard to recovery before disposal or reuse. Also, a good idea to document that you have done it. Good news to those small medical offices local to CT Business Solutions Collegeville! We are currently offering FREE pickup, wiping, and recycling of your small medical office computers. And for full compliance, we will document and send that documentation back to you to keep for your HIPAA compliance records.