HIPAA Data Disposal
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
Who is subject to HIPAA?
The entities that must follow the HIPAA regulations are collectively known as “covered entities.” Covered entities can be broadly broken down into three categories: Health Plans, Health Care Providers and Health Care Clearinghouses. A partial list of covered entities includes:
- hospitals
- clinics
- doctors
- psychologists
- dentists
- chiropractors
- nursing homes
- pharmacies
- home health agencies
- other providers of healthcare
- health plans
- healthcare providers
- healthcare clearinghouses
- health insurance companies
- health maintenance organizations
- government programs that pay for healthcare (Medicare for example)
- military and veterans’ health programs
What data is subject to HIPAA?
HIPAA protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."
“Individually identifiable health information” is information, including demographic data, that relates to:
- the individual’s past, present or future physical or mental health or condition,
- the provision of health care to the individual, or
- the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

What is the HIPAA Data Destruction Standard?
Proper disposal of electronically stored data is required under HIPAA as stated at 164.310 (d)(1) and 164.310 (d)(2)(i):
“Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of a facility, and the movement of these items within the facility.”
And
“Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored.”
These sections of the HIPAA law speak to Access Control, Accountability and Disposal, among other topics. However, to get down to the specifics of what you must do to meet the standard, we must also look at the Department of Health and Human Services guidelines, which point to NIST Special Publication 800-88, as well as the document HHS HIPAA Security Series 3: Security Standards – Physical Safeguards, while providing the following general guidance for proper disposal of Protected Health Information (PHI):
- “For PHI on electronic media, clearing (using software or hardware products to overwrite media with non-sensitive data), purging (degaussing or exposing the media to a strong magnetic field in order to disrupt the recorded magnetic domains), or destroying the media (disintegration, pulverization, melting, incinerating, or shredding)”
Moving on to HHS HIPAA Security Series 3: Security Standards, the HHS provides the following guidance:
- “When covered entities dispose of any electronic media that contains EPHI (Electronic Protected Health Information) they should make sure it is unusable and/or inaccessible. One way to dispose of electronic media is by degaussing. Degaussing is a method whereby a strong magnetic field is applied to magnetic media to fully erase the data. If a covered entity does not have access to degaussing equipment, another way to dispose of the electronic media is to physically damage it beyond repair, making the data inaccessible.”
What is the penalty for failure to comply with HIPAA?
- Willful neglect of HIPAA Rules, with no effort made to correct the violation within 30 days of discovery, can result in a fine of $50,000 per violation, with a maximum fine of $1.5 million per year.

Our Expertise
We are experts at secure Hospital and Healthcare related e-waste and electronics recycling and disposal.
The number one question we get asked by Hospitals and Healthcare Providers is “Are you HIPAA compliant?” And our answer is YES! You need a company that understands the requirements of the job, and STS gets it.
Data Protection
STS provides its clients unbeatable and compliant data protection. Our Mobile Shredding Trucks bring the convenience of total physical destruction to your doorstep.
Asset Liquidation
STS can offer you fair market value on your IT Assets that have not lost the majority of their value due to their age or condition.
On-Site Pick-up
Our most popular service is our complimentary on-site pick-up. Our trucks are always in the area, and our trained technicians handle all the heavy lifting.
Audited Downstream
STS has built a network of certified downstream partners and recyclers who we regularly audit to ensure no electronics ever wind up in a landfill.
Live Tracking
Our fleet of secured box trucks is monitored by GPS tracking devices at all times, providing a provable and transparent chain of custody.
On-time reporting
STS will provide your team with prompt and complete reporting on the items we process from your business.
The Healthcare ITAD Journey

WHY CHOOSE STS?
STS protects your business from the potential liability and expense associated with e-waste disposal and recycling, all while promoting good corporate citizenship.
STS Electronic Recycling, Inc. is leading the way to a green, safe future. We allow businesses and organizations a way to safely recycle unwanted, non-working and out-of-date computer equipment while giving back to their global and local communities.
Your equipment is safe with us
Hospitals and healthcare providers can rest easy, knowing that STS is protecting your business, agency or organization from the potential liability associated with e-waste disposal and data destruction. STS provides a transparent and trackable solution with in-depth reporting and can tell you the final destination, or End of Life, of every item or asset we recycle, including Certificates of Destruction for all data-bearing devices.
You don’t have to lift a finger
You call us, we take care of the rest. We are a full-service electronics recycler with solutions for every customer. We come to you, we do all the heavy lifting. From computers, laptops and mobile devices, to servers, networking equipment, peripherals and telecom equipment, we have got you covered.
AuditLive™
You get value for your valuable equipment
We are always looking to improve our customers’ bottom line in the form of a fair market value quote on equipment that is still in good working condition. Our computer liquidation and ITAD service is unmatched. STS can audit your equipment item by item and pay you based on the result of that audit.