
HIPAA-Compliant Data Destruction

HIPAA data privacy requirements are among the most widely recognized federal data protection regulations. Healthcare providers are required to safeguard sensitive patient health information throughout its entire lifecycle—from creation and use to final disposition. Maintaining control and security of this data is both complex and costly, particularly at the end-of-life stage. Regulatory-compliant and fully documented disposal records can be cumbersome, yet failure to complete this process accurately and promptly can result in significant legal and financial liability.

Industry surveys consistently identify data security as the number one concern for CIOs when disposing of data assets. For this reason, most healthcare organizations rely on qualified third-party vendors to securely destroy obsolete data media containing electronic protected health information (ePHI). Selecting a trusted, compliant vendor is essential to reducing risk and maintaining HIPAA compliance.

Can You Trust Your IT Asset Disposal Vendor?

A recent Wall Street Journal article on cyber security, “What Keeps CIOs Up at Night”, identifies third-party vendors’ security capabilities and practices as a major concern. This is not only a major internal data security issue: vendor due diligence is also required under most Federal and State data privacy regulations. You must maintain documentation of your third-party vendor’s qualifications and experience. See “Vendor Risk Management”.

Under HIPAA regulations, any third party providing destruction services for electronic protected health information (ePHI) must be formally contracted as a HIPAA Business Associate. The BAA (Business Associate Agreement) requires the vendor to protect ePHI with the same level of care and security as the healthcare organization itself. Detailed requirements for the physical handling and protection of data media are outlined by the U.S. Department of Health and Human Services (HHS) in its “Security Risk Assessment Tool”.

Back Thru The Future® provides onsite and plant-based hard drive shredding and degaussing services, compliant with NIST Special Publication 800-88 “Guidelines for Media Sanitization” and specifically designed for healthcare organizations. Federal and state data privacy laws require that all personally identifiable and sensitive data be securely destroyed prior to media disposal, and that destruction follow National Institute of Standards and Technology (NIST) guidelines. Because hard drives and solid-state drives are classified as electronic devices, they must also be recycled by an authorized electronics recycler. Back Thru The Future® is one of only seven Class D NJ DEP licensed electronic recyclers in New Jersey and is a Federal EPA registered Universal Waste Electronics Recycling Destination Facility. We are the only licensed recycler in NJ that is also a NAID AAA certified secure data destruction facility. Our recycling and data destruction certifications meet and exceed all HIPAA requirements.

Recycling Obsolete Medical Equipment

We provide HIPAA-compliant recycling services for obsolete medical equipment, supported by ISO 13485 quality management standards. ISO 13485 is the medical device industry’s most widely recognized international standard for Quality Management Systems (QMS) and includes specific requirements for the end-of-life disposition of medical devices.

Back Thru The Future®, through its IoMT Recycling Solutions subsidiary, has supported medical device manufacturers with compliant medical equipment recycling for more than a decade. Secure destruction and responsible recycling—rather than remarketing obsolete equipment—helps protect healthcare organizations from data breaches and reduces exposure to regulatory, legal, and patient safety liability associated with unauthorized reuse of out-of-specification or non-maintained medical devices.

Business experience and reputation

Back Thru The Future has been providing computer recycling services for over 30 years and supports in excess of 1000 clients. We focus our secure data destruction services on industries with significant data privacy liabilities. We presently support 70% of all community hospitals and banks in the State of NJ. We have an excellent reputation and would be happy to provide industry references.

Articles:

Distrust of Vendors Raises Security, Compliance Questions

Our latest health care data destruction case study.

Med Tech Intelligence – Medical Devices: Is There Life After Death?

Lab Manager Magazine – How to Securely Move Disks From Lab Instruments

100% of our client quality control surveys rate both our pre-project and post-project communications as “Excellent”.

92% of our new client quality control surveys have been returned marked “exceeded expectations”.


Our Mission is Protecting our Clients from Environmental and Data Security Liabilities with Secure, Auditable and Compliant Recycling and Data Destruction Services.