As technology changes, upgrades are inevitable. It might be because our older equipment just doesn’t do the job anymore or because it has parts that are dying. However, this creates a massive strain on landfills that are overflowing with outdated computers and devices. Because of this, recycling or donating is a far better way to dispose of your old devices. There are a lot of good uses for older computers that can be found. But before you do that, you will want to give some thought to HIPAA and how it impacts your plans.
Modern computers are very robust and have been built to not lose data. When you delete a file in Windows, the file isn’t actually deleted. Windows simply adds the space the file occupies to its list of where it can save files. This means that as new files are written to the hard drive, eventually the area the deleted file occupies will be used. But if you have a large hard drive, this can take a long time. Even if part of the space the file uses is used, the remaining part still exists. You may have seen many horror stories of used computers being sold on sites like eBay and the buyer finding lots of private or confidential information. In fact, on one occasion, hard drives used by the US Air Force were purchased and top secret missile defense information was found on the drives.
One more thing to keep in mind is that even if the file is written over by Windows, sometimes it can still be recovered. That is why it is critical to ensure that any computers or devices you wish to donate have been appropriately sanitized before doing so.
Professional disposal companies can recycle your computers and provide you with a certificate of destruction for your HIPAA documentation. However, in this quick lesson, we are going to focus on computers you wish to donate. The ideal way is to remove the hard drive and donate the computer without it. The donation location can purchase a new drive very inexpensively to get the computer working again. From there, you would destroy the drive itself to ensure that your data is safe. If you do wish to donate the computer with the hard drive included, then the entire drive needs to be wiped. There are freeware programs such as DBAN that be used to overwrite everything multiple times to ensure that nothing is recoverable. Iron Comet cna handle this for you and provide a certificate of data destruction. The computer can then be safely donated.
For portable devices such as tablets, you can use the factory reset in the devices settings to ensure the data is wiped. This works in a different way than a PC. All modern portable devices use encryption to ensure that all data on them is itself encrypted. When you reset the device to factory settings, the decryption key is securely deleted making it impposible to decrypt the data. So even if the data were undeleted, it wouldn’t be readable.
Before donating, or even throwing away, old devices, make sure the data on them has been secured. This is true for your personal devices but even more so for devices that contain PHI. Don’t be the next breach story on the news for throwing out devices containing your patient’s information.