HIPAA Data Security: Encryption & Destruction
Here are some of the more commonly-asked questions over time pertaining to HIPAA compliance:
HIPAA data security compliance spans computer hard drives, media and paper documents. Each must have its own plan to maintain privacy across the data lifecycle, from encryption through retention to retirement (destruction). Some healthcare entities choose to do their data destruction in-house, while others outsource it to data destruction companies that also serve governmental agencies.
HIPAA Data Encryption
To meet HIPAA regulations, all computer hard drives must be NIST-certified and use AES hardware encryption with two-key access to read/write data on the hard drive.
HIPAA Data Destruction
High-Security Paper Shredding
To meet HIPAA regulations, all HIPAA-compliant paper shredders must be designated High Security, which means they are NSA and DoD approved to produce "unreconstructible" paper segments.
Hard Disk Destruction
To meet HIPAA regulations, all hard drives and media disks that will be taken out of use must first be degaussed and then "destroyed" as per NSA and DoD certification. Hard drive destruction involves physical bending, mangling, and breaking of the drive units so that the disks inside cannot possibly be spun up or read from.
There are hard disk "Destroyer" products available on the market that meet HIPAA regulations for data destruction compliance.