HIPAA & Disposal of Protected Health Information
Is your organization required to comply with HIPAA privacy standards? If so, you’ve probably heard the term PHI – which is short for Protected Health Information. In the past we’ve written about how Protected Health Information must be rendered “Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” — and that leads HIPAA covered entities and business associates to be especially careful about encryption at rest, encryption in transit, and authentication.
However, today we’d like to take a step beyond that, to a day that no one enjoys but everyone experiences at some point. What happens when a hard drive containing Protected Health Information fails? The problem most organizations face on that day is uncertainty about how to dispose of this type of storage device when they don’t have the luxury of using software-based utilities to clear its contents.