How to Shred Digital Data the HIPAA Compliant Way?
To get rid of sensitive and confidential paper documents, you must use protective measures to ensure that these documents are being destroyed completely, so that nobody can reconstruct and read the information from those documents. The most common method of destroying paper documents is to use a shredder, whether you have an in-office shredder or you use a professional shredding service. It is critical to handle the destruction of your data securely to protect your patients, to prevent identify theft, to protect your practice and to comply with healthcare compliance, such as HIPAA and HITECH rules and regulations. How do you "shred" protected health information or confidential digital data?
To keep up with technology and software requirements, it is often recommended by technology experts to upgrade or replace your computer within three to five years. What is your next step once you have upgraded your computer? Do you donate, trash or recycle your computer? Before you do any of that, you must delete the files and data off of the computer, especially if your computer contains confidential and protected health information. Deleting the data off of your computer and emptying the recycle bin are common steps people do when getting rid of old data from their computers. Although you are prompted by the system that you are permanently deleting those files, those files are not completely gone and can actually be restored from your hard drive using software recovery tools.
The same can be true with portable hard drives and USB sticks. Although you have removed all the data off of those devices, it is still possible to use a software recovery tool to restore those data. Therefore, the next time when you are ready to donate or throw out any storage devices, make sure the information that was previously stored on those devices is completely deleted and unable to be restored.
Meet HIPAA compliance with these tips the next time you "shred" your digital data:
Tip 1: Use the correct tool to "shred" your digital data
When a patient submits your practice's online dental patient forms, you will need to download those new patient dental forms to your computer and then merge them into your practice management software, such as Softdent dental software. Once the patient forms are imported into your software, you should delete the files from your download folder or desktop and clear your downloads history on your web browser. This is a temporary way of removing those data to free up some space on your hard drive, so that you can save over that space with other data.
If you are looking to donate, recycle, or trash your computer, you should use a permanent solution of shredding those sensitive and confidential data. A "digital file shredder" is simply a software that will remove your data and overwrite it multiple times with non-useful data. The best analogy to describe this process is like writing on a chalkboard. Once you erase the original written text on the chalkboard, you can still see some of the information, although it is not as clear. Once you start writing over the text, it is even harder to see what was previously written on the chalkboard. You will do this again and again until you can't see the original text. With this option, you will still be able to reuse the hard drive should you want to keep it for future use.
Tip 2: Remove and destroy the hard drive
Another way to permanently get rid of the confidential data on your computer is to destroy the hard drive completely so that the hard drive is no longer accessible by anyone. Some methods that people have used before are: burning, magnetizing, sanding, hammering, drilling, crushing, or melting the hard drive. Some of these methods are dangerous and not recommended. There is also the option of using a degausser to erase the hard drive. This process will erase the data and make the hard drive useless. Please remember the most important factor in destroying a hard drive is to make the platters inside the hard drive unreadable. An important factor to note is any of the methods listed under this tip (tip #2) will cause physical damage to the hard drive, therefore you will not be able to reuse the hard drive on a computer.
Tip 3: Test to see if your shredded digital data is still recoverable
If you plan to still use the computer at home or donate it to someone you know, test the hard drive to make sure that you can't retrieve any data. You can test it by using a data recovery software to see if the software can find any data on the hard drive that was previously erased before (see tip #1).
Tip 4: Use a professional hard drive destruction service
There are many professional companies out there that will destroy the hard drive for you for a fee by using an industrial shredding machine. The cost of shredding hard drives can range from $10 to $50 per hard drive. Do not ship your hard drives to get it shredded because you don't want them getting to the wrong person/place. Check for local hard drive shredding services in your area.
To see previous blog posts from Dental eShare, please click on the button below.
Click here to schedule a demo with us today to learn more about our online patient forms,s ecure messaging, document library, software integration to Dentrix, Dexis, Eaglesoft, Kodak Dental Imaging, OrthoTrac, Schick, Softdent, and WinOMS, and secure patient referrals system. Dental eShare can help transform your workflow and improve practice efficiency.