|
Well, I've asked around and I found a company about fifty miles away that will destroy each drive and issue a c.o.d for $6 each. They claim to be HIPAA and DOD compliant. I asked them for something stating that in writing, so we'll see.
Unfortunately, they are also competing with me for escrap from this area so I wouldn't be surprised if they start marketing to the same places I'm approaching.
Success consists of going from failure to failure without a loss of enthusiasm...... Churchill
I would enjoy a definative answer as what constitues HIPPA compliant distruction of hard drives. So if you find a good reference I hope you will pass it on. Mike.
ps thanks for bringing this up again and addressing it directly. I don't feel it has been answered conclusively, Mike.
"Profit begins when you buy NOT when you sell." {quote passed down to me from a wise man}
Now go beat the copper out of something, Miked
|
HIPAA Record Retention & Destruction Requirements | eHow.com
its about halfway down
its just a guideline to follow. the certification comes from you. there is no true method that is DOD certified. i say chip em and melt em if you need to.
Last edited by Filthy; 07-12-2012 at 04:38 PM.
We're the renegades of Junk!
This was dated 2009 and is a less than interesting read. What little I took from it is that the organizations who have to be compliant with HIPPA regs are going to satisfy their liability insurance carrier. Perhaps in the end the insurance companies will determine what is good enough destruction, Mike.
http://www.naidonline.org/forms/whit...WhitePaper.pdf
ps I may have found a better reference: Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals
Lots to read and I hope someone can locate the correct reference, Mike
Last edited by miked; 07-12-2012 at 04:51 PM.
|
|
Originally Posted by Filthy
Thanks for that - in another place on the internet I saw a more specific standard referred to - another set of initials! I'll have to find it. My feeling, for what it is worth, is that I'm not nearly as trusting of wipes as I am of mechanical destruction particularly considering some of the things I've read here about recovering information.
Considering the consequences that could occur if patient information got out - I want to be sure that it is gone for good. Nothing against ehow - they have a lot of great information - but they are not a primary source about the laws . I found what the name of the standard is and now am trying to refind it in the vast universe of the internet.
|
|
Alright, found it -it's called a NIST standard and if you have the inclination and a lot of time, the paper on media sanitation is here at
http://csrc.nist.gov/publications/ni...ith-errata.pdf
that's the link I got from a government page.
http://www.hhs.gov/ocr/privacy/hipaa...rguidance.html
Last edited by Scrapette; 07-12-2012 at 04:56 PM.
|
|
Good find
Metal Recycling Entrepreneur
Find a high powered eletromagnet and make a deguasser, then rig up a press to put a 30 degree or so bend in them. They shouldnt be reconnized by operating system and the wont spin up. But, take the board off first to get some $ out of them. I don't think the value of the hard drive will be high after that because the platters will be damaged? Maybe offer each step at a price to there degree of desire or concern. With the extreme result being you hiring the competition to do the shredding?
I am not a lawyer, but if they sign a contract telling you how to destroy the data and a list of serial numbers. Then you document it...video it...How can you get in trouble? You can't know what is on there to say deguass or shread or both, it's against HIPAA? They made the decission.
I was planning on trying to make a deguasser with a couple elcromagnetic door locks? Money has been the culpret keeping me from my experiment...but I think they would work?
Metal Recycling Entrepreneur
|
I have attended auctions at a State Hospital and all the drives up for auction had been punched with the boards on don't know about degaussing. If I remember correctly a gaylord of punched hard drives went for 1,800 - 2,000. I looked at some of the drives and the punch looked more like a dent wasn't much damage but they weren't going to spin up.
This company has data destruction down and I think I can deliver similar results with my 8lb sledged and a punch.
On-Site Mechanical Destruction - $5 to $10 per hard drive
At your business or at @@@ we will destroy your hard drive on-site. We remove hard drives from computers and place them inside a specialized machine and a conical punch inside the unit delivers a staggering 12,000 pounds of hydraulic force, causing catastrophic trauma to the hard drive’s chassis while destroying its internal platter. Our machine is transportable We can bring this service to your office. Cost is $5 if the hard drive is removed or $10 if we have to remove the drive.
HD Crushinator
I looked into data destruction in California, and it seems that there are no requirements for the data destruction companies as far as being responsible to destroy documents in a certain way. The businesses that is looking to destroy their documents may have certain requirement and they are responsible for the data not the data destruction company.
there are certain certifications that data destruction companies can acquire but, they are not required in order to do business as a data destruction company. These certifications make the data destruction company more appealing. Some businesses only destroy there documents through data destruction companies that have these certifications.
This is how I understand it anyways.
Experienced Scrapper
Scrapette. In my not so distant past, I worked for IBM's Austral-Asia Headquarters in Asset Management. Our official means of doing this for IBM and GSA in New South Whales was a Scottish backpacker with a sledgehammer. I am not trying to be funny, billion dollar company....crazy red-headed man with a big hammer. You should be fine!
|
I mirror what AuburnEwaste says. The equipment to destroy these drives properly and the insurance coverage required to be handling this data are very costly. It was a big investment for us.
Your potential medical clients may ask you to produce a certificate of insurance showing your secure data coverage and also want to see your procedure for data destruction. You will face similar roadblocks when dealing with banks and other financial clients.
http://www.clrsolutionsnj.com
recycle@clrsolutionsnj.com
877-CLR-SOLU
CLR Solutions is Your Partner in Secure Data Management and IT Asset Disposition
There are currently 2 users browsing this thread. (0 members and 2 guests)
|
Browse the Most Recent Threads
On SMF In THIS CATEGORY. 
OR 
|
Posting Permissions
Register To Reply
Bookmarks