> Does it comply with HIPPA?

If they can't be arsed to spell-check "HIPAA", I'm not entirely convinced that I should be trusting them to maintain HIPAA compliance if I decide to send them drives that potentially contain patient data.

That is, unless they're instead shouting about complying with sand crabs, though I'm still concerned in either case.

> The easiest way to destroy your hard drive.

You mean other than nuking it with DBAN or shred and then taking a hammer to it and/or burning it in a fire?

> Same methods, machines and processes used by banks and recommended by the NSA

Yeah, because banks and the NSA are *obviously* bastions of trustworthiness. </sarcasm>

> Place the sealed box in any UPS dropbox or schedule a free pick-up.

This seems to be a rather significant point of potential failure. While I certainly like UPS better than the USPS (or - God forbid - FedEx), I'm not inclined to go with this approach rather than take drives to a local data destruction facility and/or destroy them myself.

If you're going to send me a box, it had damn well better be one with a good locking mechanism and some measure of tamper resistance and/or evidence. Even that's not surefire, but it's sure as hell better than "here's a cardboard box; trust us, it's secure enough".

The idea's cute and creative, but when it comes to things like EHRs and such that require *absolute* confidentiality and security to a degree that would make top-notch military agencies and veteran cryptonerds blush, neither "cute" nor "creative" are good selling points.