Rev Up Compliance with Onsite Shredding to Avoid a HIPAA Data Breach

Posted in Blog

Glenn Laga

Securely disposing of end of life IT Assets onsite at the origin location is the safest way to avoid a HIPAA data breach.  As many healthcare firms consider mobile onsite shredding, it’s useful to be familiar with the HIPAA Security Rules to ensure compliance.

HIPAA laws see the bottom line in absolute terms on any data breach:  it’s your responsiblity.  So if you’re a healthcare firm considering mobile onsite shredding, what are the crucial components of a mobile data destruction service and what should you consider?

• Qualified – Even though the service is onsite, you’re still entrusting your electronic data equipment to a third party. Employees should be bonded and trained on the contracted data destruction service.   The shredding company should possess the ability to shred a solid state drive (SSD) to 2mm shred size or provide conventional server and desktop hard drive shredding. They should also provide adequate certifications for equipment and processes from the Department of Defense (DOD) and National Security Agency (NSA).
• Certificate of Destruction – A certificate of destruction, including serial numbers for all pieces of equipment, should be provided to confirm data has been destroyed.
• Video verification – Added security can be provided by continuous videotape verification documenting all shredding activities inside the mobile truck.
• Asset Transfer Form – Provides a summary of assets that were destroyed onsite by your third party service provider.

Is your healthcare-related company at risk due to data destruction unknowns?  To find out how onsite mobile shredding can help avoid a HIPAA data breach, please contact your IT equipment VAR for more information.