Hipaa compliance and removable drives


DataPort 10 Secure

It is essential that hospitals, medical research organizations and foundations are HIPAA-compliant in their data storage and handling practices so that patient data and proprietary information is not compromised. CRU provides removable hard drives and equipment that help organizations achieve HIPAA compliance for data security.

According to the Health Insurance Portability and Accountability Act of 1996 (HIPAA):

A covered entity or business associate must, in accordance with §164.306… “Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4).1

A CRU removable drive uses a drive carrier that houses an SSD or regular hard drive that can be inserted into a computer workstation, allowing you to access the data on that drive. It also allows you to remove the data from the computer and store it in a separate location. Many organizations use this functionality to store copies of their data in secure locations, which may be used to fulfill the above requirement.

As well, data encryption and decryption is an addressable specification within HIPAA that must be implemented if it is reasonable and appropriate to do so. 2

CRU’s removable drives can be configured with AES-256 encryption, which is the de facto encryption standard used by the U.S. and other governments. Our implementation of 256-bit encryption has been validated to FIPS 140-2 (certification number 1471).

The encryption engine is built into the removable hard drive itself and encrypts the full disk without the need for more software. This ensures that there’ll be no loss in speed when you access data on the removable hard drive.

A CRU encrypted removable hard drive also comes with physical keys that are specific to that enclosure or receiving frame. One of the keys needs to be inserted into the enclosure before the host computer can read the data on the disk. With proper access control to these keys, this level of protection makes it essentially impossible to hack into the drive.

To learn more about CRU removable drives that are HIPAA compliant, contact one of our sales representatives via email or give us a call at 1-800-260-9800 or