Ask Beth

Hi Beth,
We are going to be getting a new copier soon. Our service provider can either wipe the hard drive clean on our old machine or remove the hard drive and give it to us. It is obviously more expensive to have the hard drive removed. Have you heard of any guidelines as far as protection of PHI on old copiers that we should follow? Would having the hard drive “wiped clean” by Toshiba be adequate?

Thank you,


Dear Laura,
Great Question. I contacted our HIPAA consultant, Lorraine Mazurek, regarding your question and she said that as long as you have a Business Associate Agreement (BAA) in place nothing needs to be done as you can hold them accountable if there is a breach. However, be sure that you are using the BAA that includes the September 23 mandatory HIPAA updates. You should document when the copier is removed and by whom. Then have the company sign it so you have a signed date of when the old copier is removed and place this in a file for further referencing if needed.

God bless you,

Do you have a question for Beth? If so, send it to 

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: