Whatever you do, you always want to make sure that you stay compliant with HIPAA. In one case between Affinity Health Plan Inc. and the US Department of Health and Human Services, they ruled that the Bronx-based company owed $1,215,780 because of violations under the HIPAA Privacy and Security Rules.
The Office for Civil Rights believed that Affinity may have revealed the health information of around 344,579 persons. How did it happen? They sent back numerous photocopiers to the leasing agent, but they failed to erase the data found on the hard drives of the copiers. During the investigation, they also discovered that Affinity did not use electronically protected health information on the hard drives, which is one of the security rules of HIPAA.
If you work in the healthcare industry, you have to make sure that you follow proper procedures for deleting the information found on the hard drive. This can be done through removing or wiping the hard drive. However, before you sell or lease the photocopier to another person, you want to make sure that HIPAA will not be knocking on your door later. When you consider the amount of trouble and loss of business reputation for failure to comply, it is easier to just wipe the hard drive or remove it.