We are going to be getting a new copier soon. Our service provider can either wipe the hard drive clean on our old machine or remove the hard drive and give it to us. It is obviously more expensive to have the hard drive removed. Have you heard of any guidelines as far as protection of PHI on old copiers that we should follow? Would having the hard drive “wiped clean” by Toshiba be adequate?

Great question. I contacted our HIPAA consultant, Lorraine Mazurek, regarding your question, and she said that as long as you have a Business Associate Agreement (BAA) in place, nothing needs to be done, as you can hold them accountable if there is a breach. However, be sure that you are using the BAA that includes the September 23 mandatory HIPAA updates. You should document when the copier is removed and by whom. Then have the company sign it so you have a signed date of when the old copier is removed, and place this in a file for further referencing if needed.

