  1. #1
    1956 started this thread.
    1956's Avatar

    Does anyone adhere to hippa data security policies?

    I got an inquiry from a large hospital district in my area. They oversee eight area hospitals and have tons of e-waste on a regular basis. They are asking about HIPPA. Anyone familiar with these policies? I got some work to do.



  2. #2
    Mechanic688's Avatar
    Quote Originally Posted by 1956 View Post
    I got an inquiry from a large hospital district in my area. They oversee eight area hospitals and have tons of e-waste on a regular basis. They are asking about HIPPA. Anyone familiar with these policies? I got some work to do.
    I would imagine you could look up Hippa regulations for disposal. If you have a good wiping program like DoD or others then you're already part way there. Maybe this'll help.

    http://www.hhs.gov/ocr/privacy/hipaa...sposalfaqs.pdf

    Disposal of Protected Health Information
    P & M Recycling - Specializing in E-Waste Recycling.
    If you enjoy your freedom, thank a vet.



  4. #3
    I can't see the hospital turning that equipment over to a company or private individual without being covered by a bond.

    There are many types of bonding; in your situation I would suspect a security bond would be required in order to perform the data destruction.

  5. The Following User Says Thank You to alloy2 for This Post:


  6. #4
    mikeinreco's Avatar
    The IT dept of the hospital that I purchase units from has a degaussing machine as well as a press to destroy the hard drives themselves. Sure, it would be nice to get the drives, but it saves both of us from any liability issues.



  8. #5
    mthomasdev's Avatar
    The medical places I deal with remove and dispose of their own hard drives. When I find one that was missed, it is returned on the next pickup. I have looked into a hard drive shredder and may get one in the future. May also look into an overwriting program. I think I would have to get that approved by my sources first.



  10. #6
    EcoSafe's Avatar
    I can only tell you the vetting process with our Military contractors took over a year and at least a medium size city phone book of paperwork to complete. I suspect their security won't be as complete but, with government regulation involvement in health care info, who knows. I offered our health care clients the choice of data destruction certification or the option of pulling the hard drives themselves; they chose the latter.

    You may want to explore the option of a hard drive shredder and offer that as an extra incentive to your clients or even as a paid additional service. For them it is a tax deduction.
    "anyone who thinks scrappin is easy money ain't doin it right!"



  12. #7
    I have done some reading in the past on HIPPA requirements and in my opinion the responsibility and how to accomplish the destruction is left to you and your client.

    If the government regs were clear on what is acceptable for destruction it would be simple, but being they are NOT specific it puts the onus on you and your client.

    I believe that if you contact an insurance company that insures those held to the HIPPA regs you will find out if your procedures will be "good enough". In answering the questions of the hospital you want to do business with, I think you need to satisfy their insurance company and their lawyer. The problem for you is you don't know either's requirements.

    If you are serious about this business you can also do some research on the companies who are doing this service now. Perhaps start with a search of the web sites of companies currently performing the destruction. I suspect that the earlier poster was correct having a bond in place that will cover you and the client. As far as the equipment a shredder for hard drives and ability to video record the destruction. You may need to work mobile so an employee of the client can verify the destruction. Good luck with it. Mike
    "Profit begins when you buy NOT when you sell." {quote passed down to me from a wise man}

    Now go beat the copper out of something, Miked



  14. #8
    1956 started this thread.
    1956's Avatar

    Doing the research

    Thanks miked for your input.
    I agree there are no concrete policies to follow. The company doing it now is a very large nonprofit that charges them for everything, 10.00 a hard drive. They came to us looking for a new vendor. I hope I can accommodate them if feasible.
    Quote Originally Posted by miked View Post
    I have done some reading in the past on HIPPA requirements and in my opinion the responsibility and how to accomplish the destruction is left to you and your client.

    If the government regs were clear on what is acceptable for destruction it would be simple, but being they are NOT specific it puts the onus on you and your client.

    I believe that if you contact an insurance company that insures those held to the HIPPA regs you will find out if your procedures will be "good enough". In answering the questions of the hospital you want to do business with, I think you need to satisfy their insurance company and their lawyer. The problem for you is you don't know either's requirements.

    If you are serious about this business you can also do some research on the companies who are doing this service now. Perhaps start with a search of the web sites of companies currently performing the destruction. I suspect that the earlier poster was correct having a bond in place that will cover you and the client. As far as the equipment a shredder for hard drives and ability to video record the destruction. You may need to work mobile so an employee of the client can verify the destruction. Good luck with it. Mike



  16. #9
    armygreywolf's Avatar
    I am insured (bonded) as I do deal with medical e-waste pickups. When the policy was written we went over HOW data would be best handled for compliance requirements and the conclusion has been ON SITE PHYSICAL DESTRUCTION ONLY.

    For me that has become a 1/3rd horsepower tabletop drill press. If this service is to be performed it is free but any material recovered I do not pay for including the machines they came out of. In addition the IT department can then log asset tags and properly report them destroyed for their requirements.

    To be as specific as possible, when you are using a drill press, YOU MUST DRILL THROUGH ALL PLATTERS. I use a self guiding drill bit (one with a much smaller starting tip) that permanently warps the platter from pressure and drills through it. Laptop drives only need to be hit with a ball peen hammer to destroy, I enjoy doing them. Some companies want more than one hole, others only need one hole, doesn't matter to me but according to DoD a single hole or deflected platter renders them entirely unreadable.

    There is also a less invasive option. You can immerse your drives (they are all vented, that's how they work, the head flies on a micron or less thick cushion of air) in an alkali solution (a mild solution) for ten or fifteen minutes and that too will destroy the drives as effectively as anything else. This can be messy after the fact because even when removed from the solution most of them will still be filled inside, which, if left alone for a few days, will make them pretty nasty inside.

    A DoD 7 pass wipe done by a certified program that produces a serial numbered "yes this drive has been wiped" is also acceptable.

    Ohh one last thing, if you accept material off site, and/or transport to be processed off site (at your shop), you need secure storage for the drives. I've avoided this need for government, financial and medical requirements so far BUT when it's time a free standing gun safe would probably work perfectly. After all this, you STILL need to follow up with your insurer so the policy is in order.
    WI ITAD LLC, IT Liquidation Services, we remarket, buy and sell scrap electronics No customer too large or small!



  18. #10
    1956 started this thread.
    1956's Avatar
    Thank you so much for sharing that info with me. I am going to e-mail the head of the IT Dept and suggest we do the same. I know the bond is not that expensive; what bond amount are you using? Thanks again.
    Quote Originally Posted by armygreywolf View Post
    I am insured (bonded) as I do deal with medical e-waste pickups. When the policy was written we went over HOW data would be best handled for compliance requirements and the conclusion has been ON SITE PHYSICAL DESTRUCTION ONLY.

    For me that has become a 1/3rd horsepower tabletop drill press. If this service is to be performed it is free but any material recovered I do not pay for including the machines they came out of. In addition the IT department can then log asset tags and properly report them destroyed for their requirements.

    To be as specific as possible, when you are using a drill press, YOU MUST DRILL THROUGH ALL PLATTERS. I use a self guiding drill bit (one with a much smaller starting tip) that permanently warps the platter from pressure and drills through it. Laptop drives only need to be hit with a ball peen hammer to destroy, I enjoy doing them. Some companies want more than one hole, others only need one hole, doesn't matter to me but according to DoD a single hole or deflected platter renders them entirely unreadable.

    There is also a less invasive option. You can immerse your drives (they are all vented, that's how they work, the head flies on a micron or less thick cushion of air) in an alkali solution (a mild solution) for ten or fifteen minutes and that too will destroy the drives as effectively as anything else. This can be messy after the fact because even when removed from the solution most of them will still be filled inside, which, if left alone for a few days, will make them pretty nasty inside.

    A DoD 7 pass wipe done by a certified program that produces a serial numbered "yes this drive has been wiped" is also acceptable.

    Ohh one last thing, if you accept material off site, and/or transport to be processed off site (at your shop), you need secure storage for the drives. I've avoided this need for government, financial and medical requirements so far BUT when it's time a free standing gun safe would probably work perfectly. After all this, you STILL need to follow up with your insurer so the policy is in order.



  20. #11
    armygreywolf's Avatar
    1 million


    I am the only one allowed to handle secure data, which means until we change policies and include Mudlucky (Ken) anything secure coming in accidentally has to be destroyed and recorded.



  22. #12
    1956 started this thread.
    1956's Avatar
    Quote Originally Posted by armygreywolf View Post
    1 million
    Thanks again for sharing your policies.

    I am the only one allowed to handle secure data, which means until we change policies and include Mudlucky (Ken) anything secure coming in accidentally has to be destroyed and recorded.
    Thanks again for sharing your policies, it should help me.

  23. #13
    I'll bring my ideas to the table. I have some good ones but no capital and/or time to do them.

    An international or cab over truck with a paper and hard drive shredder would be sweet. I know a few places that pay big money and demand physical destruction on site and even get a CD or file attachment of a camera installed in the machine showing each hd get placed in truck and inside being destroyed. Not hard to set up, any of us could do it.

    Killing it with a magnetic field is fairly easy. You would want to use AC and vary the frequency up down or vice versa. Google it, you could easily make this in a weekend at home if you scrap.

    Drilling a few holes and smashing IC chips will work to most customers' satisfaction. Maybe a business with a few different levels. One we take whole unit for free then process and sell e-waste, or just hard drive and paper simple destruction physically, or more money you degauss it and then shred and give waste back lol or keep. Like 25 a hard drive, or more. I talked to a guy who works for someone and asked why don't you take the e-waste too. They said all his trucks are so full and busy each day they can't keep up with the demand to charge a large fee and destroy hd.

    If your truck cost 20k to set up and you kill 100 hd at 20 each a day, in 10 business days you paid off your investment.

    I got a truck can anyone pay my scrap business overhead so I can start to make other scrap like businesses that pay better.

    You see scrap prices are low and since they were high a lot of big money came into scrap in last 5 years so lots of big giant overweight business models around all fighting for the last of the pickings.

    This is happening in e-waste too now. You think Basel will let anyone cut corners to make profit. Profit is the business model, not recycling. It's sad because places like me are getting pushed out....... then the cycle starts over.

    You can still make money in niches in recycling. I got one but no money. It's batteries, but you need to be at the top of the volume food chain to make the money I could make 7 years ago for fun.

    I swear life as soon as you get adjusted to the new normal it changes again and you're uncomfortable. Sitting at home watching the kids is seeming better each day. LOL that's a joke man, our wives have hard jobs. Tomorrow I'm working at my shop and my wife can come home.

  24. #14
    URBANERECYCLING's Avatar
    Most important might be to make sure you use the correct spelling, especially if it is going to be on a certificate. It's HIPAA, not HIPPA. We have a HIPAA certified person on staff that can legally sign off on HIPAA documents.

