Anyone know what HIPAA requires when donating machines?
Posted on 2011-03-21
We have a medium-sized medical group that is upgrading their equipment and would like to donate their old computers and servers to a charity we work with. This is a great idea, as the local charities we work with have great causes. However, we need to determine what HIPAA requires when the machines once contained patient information, because once they end up at the charity, who knows who will get their hands on them. You would think this would be easy to find, but most Google searches produced websites that were pretty vague.
Anyone have a link to useful information? For example, is a DBAN autonuke enough? Is degaussing required? Can the machines and hard drives NOT be re-used, and must they be physically destroyed after data erase is complete?
Question is being posed for servers, desktops, and external drives as all wish to be donated.