We all value our privacy! In this modern era, businesses collect vast amounts of amount, but computers don’t last forever. For that reason, we have to occasionally replace and recycle our old pieces of technology such as desktops, laptops, smartphones, and even individual components such as hard drives.

The perfect example of this can be changing your old desktop hard disk drive (HDD) to a newer and faster solid-state drive (SSD). But wait! Before you toss your old computers in the trash, you need first to identify any regulation that would forbid you from simply dumping an old hard drive.

This article shall guide you on how to dispose of your old hard drives properly, specifically while maintaining HIPAA & PCI compliance. For doctor’s offices, financial advisors, and alike, hard drive disposal is a sensitive topic as a hard drive contains much confidential information from client PII to proprietary business documents. It is essential to dispose of it properly so that your relevant regulatory body does not fine your company.

Before disposing of your old hard drive, it is good to know why it is essential to do it properly. An average company’s computer hard drive may contain social security numbers, credit card information, pictures, and other data that may be federally protected.

This information can remain on the hard drive for a long time even after formatting it, and hackers can use advanced data recovery tools to restore deleted data. Thus, it is essential to properly destroy a hard drive before donating a computer or throwing it away. Be sure to back up all of your crucial data from your old drive to a new one before disposing of the old one.

Destroying your Hard Drive in Compliance with HIPAA & PCI

HIPAA (Health Insurance Portability and Accountability Act) is a United States law that gives data privacy and security arrangements for protecting medical data. The law has been in the spotlight for the past years with the numerous health data breaches brought about by cyberattacks on health providers and suppliers.

If your company stores health data on your customers, you must follow HIPAA guidelines. HIPPA covered entities include doctor’s offices, insurance companies, and health maintenance companies. Additionally, if your company services HIPAA-covered entities, e.g., you are a Managed Service Provider or third-party billing service, you must also be HIPAA compliant.

If you are destroying a hardware piece such as an old laptop, computer, or hard drive, it is vital to eliminate the area that contains sensitive information completely.

Whenever destroying a hard drive or any other hardware piece, one must comply with the aforementioned regulations. Not only will following these guidelines ensure you are legally compliant, but these protocols will ensure that that your sensitive data is disposed of properly.

After understanding the HIPAA & PCI Standards, we shall discover some ways to dispose of a hard drive correctly.

Data Wiping Programs

This might be one of the easiest methods to destroy a hard drive. This method does not require any hardware disruption. A simple data wiping program might do the trick.

Advantages

The method is straightforward and does not require your computer to be opened to destroy the hard disk physically. Another benefit of this method is that, if done correctly, you can save your hard drive from being eradicated so that you can use it again. Notable data wiping programs are available easily on the website at a low price or even free.

Disadvantages

This method’s main disadvantage is that it does not comply with the HIPAA & PCI standards. The hardware is not physically destroyed, and sensitive information could still get leaked later.

Physically Destroying the Hard Drive

No matter how good or expensive a data wiping software is, there are always traces of data in your hard drive. Multiple passes of writing zero to your disk certainly make it more difficult to restore data, but there are still advanced forensics techniques that could, in theory, recover data.

This is because traditional hard drives store data in the form of magnetic fields, and no matter how hard you try, the software cannot remove all traces of the data. The only way to ensure that the data is permanently unrecoverable is for the hard disk to be destroyed physically.

To get started, first locate where the hard drive resides in your laptop or desktop computer. Every model has its own design, and access to the physical hard drive varies from one model to other. In some models, the hard drive is easily accessible and can be removed easily, while in some, it might not be as easy as others. For that particular reason, it is recommended that you do some research to properly open your laptop or computer and remove the hard drive without damaging the other components. If you are ever unsure about the steps required, please contact an experienced IT professional.

After getting your hands on the hard drive, store it securely, ideally in a locked room or safe. If you are HIPAA or PCI compliant, at this point, we’d highly recommend you search for a nearby, reputable, and licensed hardware disposal company. It would be best if you asked them about their disk disposal process. They should be zeroing the disks multiple times at a high level, then shredding the entire disk, including circuit boards. A reputable company will provide a certificate of destruction.

If you are not HIPAA or PCI compliant, we’d still recommend physically destroying the disk. We have seen many small business owners that aren’t held to any regulatory compliance laws physically destroy disks themselves. However, it’s always best to play it safe and pay for certified destruction, especially when dealing with sensitive customer information.

Advantages

This method’s main advantage is that it can completely wipe the data off your hard disk and leaves no traces behind. The other main advantage of this is that it complies with the HIPAA & PCI Standards, as all the parts of the hardware are annihilated, and malicious actors can’t extract any sensitive information from the disk.

Disadvantages

Besides the fact that you can not use your hard drive again, this method is all good. If you are looking to donate or sell the hard drive, this method is not suitable, but what is the point of upgrading your hard drive if you will use the old one again!