01
Inventory & pickup
We arrive on-site with serialized security totes, log every asset against your tag, and seal the totes in front of your staff. You get a signed pickup manifest before we leave.
Service
Certified Data Wiping & IT Asset Disposition
Retiring old workstations, servers, or imaging gear? We wipe them to NIST 800-88 standards and hand you the audit-ready paperwork PHIPA expects.
What you get
Real outcomes — not a feature list.
PHIPA-aligned chain of custody
Every device is logged, sealed, and tracked from your front desk to the wiping facility — so patient data is never unaccounted for, even for an hour.
Serialized certificates of sanitization
You receive a signed certificate per device listing serial number, asset tag, sanitization method, technician, and date — exactly what a privacy officer or IPC investigator needs.
NIST 800-88 Purge & Destroy
Software-based purge for reusable drives, physical shredding for failed or end-of-life media. SSDs, HDDs, mobile devices, and imaging units all handled correctly.
R2v3 responsible recycling
Anything that can't be re-deployed is recycled through an R2v3-certified downstream partner. Zero landfill, zero export to non-OECD countries, full environmental compliance.
How it works
A clear path. No surprises.
02
Chain-of-custody transport
GPS-tracked transport to our R2v3 / ISO 27001 facility. Totes are scanned in, weighed, and reconciled against your manifest within 24 hours.
03
Sanitize or destroy
Healthy drives are wiped to NIST 800-88 Purge using software validated by NIAP; failed, encrypted-locked, or end-of-life media is shredded to ≤6mm particle size. Every step is video-logged.
04
Certify & report
You receive a PDF certificate per serial number, a destruction report, and a recycling-downstream report — typically within 5 business days of pickup.
Certifications
Audited standards — not marketing language.
Every wipe and destruction is performed under independently audited frameworks. The badges below correspond to live certifications you can verify by request.
R2v3 Certified
Responsible Recycling v3
ISO 27001
Information Security Mgmt
NIST 800-88
Purge & Destroy
NAID AAA
Destruction Member
PHIPA Aligned
Chain of Custody
Zero Landfill
No export to non-OECD
Detailed breakdown
From your front desk to a certificate — exactly what happens.
1. On-site inventory
Serialized security totes arrive at your clinic. Every asset is scanned against your tag, photographed, and sealed in front of your staff. You sign the manifest before anything leaves the door.
- Tamper-evident seals
- Per-asset photo log
- Signed pickup manifest
2. Tracked transport
GPS-monitored vehicles move sealed totes directly to our R2v3 / ISO 27001 facility. No intermediate stops, no co-loaded freight. Totes are re-scanned and reconciled within 24 hours of pickup.
- GPS chain of custody
- Bonded drivers
- 24-hour reconciliation
3. Sanitize or destroy
Healthy drives are wiped to NIST 800-88 Purge with NIAP-validated software. Failed, encrypted-locked, or end-of-life media is physically shredded to ≤6mm particle size. Every step is video-logged against the serial number.
- NIST 800-88 Purge
- ≤6mm shred for SSD/HDD
- Per-serial video evidence
4. Certify & report
Within 5 business days you receive a PDF certificate per serial number, a master destruction report, and a downstream recycling report — the exact documentation a privacy officer or IPC investigator expects to see.
- Per-device certificate
- Master destruction report
- R2 downstream report
Why it matters
The risk lives in what you forgot to destroy.
PHIPA defensibility
Reset and quick-format leave recoverable PHI. Certified sanitization is what custodians can point to when asked to prove data was destroyed.
Audit-ready paperwork
Serialized certificates and downstream reports give you a clean paper trail for IPC inquiries, college audits, and cyber-insurance renewals.
Breach-risk reduction
Most clinic breaches from old hardware happen between 'unplugged' and 'destroyed'. Locked custody closes that gap.
Sustainable & ethical
R2v3 forbids landfill and prohibited export. Working drives are re-deployed; only true e-waste is shredded and recycled responsibly.
Standard formats and factory resets leave recoverable data on the drive. Under PHIPA, custodians are responsible for ensuring PHI is destroyed in a way that prevents reconstruction. NIST 800-88 Purge (or physical destruction) is the documented standard — and it's what your certificate attests to.
Our downstream facility is R2v3 (Responsible Recycling, version 3) and ISO 27001 certified, with NAID AAA membership for destruction services. We can provide certification numbers and audit letters on request.
Yes. NIST 800-88 Purge using validated software keeps the drive fully functional while making any previous data unrecoverable — ideal for repurposing workstations inside the clinic or donating equipment.
We wipe in place before the leasing company collects, and provide the certificate to both you and the lessor. This protects you from being on the hook for PHI that travels back with returned hardware.
Ontario healthcare clinics
trust Northline for
- PHIPA compliance
- Microsoft 365 done right
- Cybersecurity & threat protection
- Managed IT & helpdesk
- Canadian data residency
- Breach response readiness
- Audits & risk assessments
Our mission
Every clinic in Canada runs on patient trust. The moment that data is exposed, that trust — and the practice — is at risk.
Generic IT providers treat a medical clinic like any other small business. We don't. Northline exists to make PHIPA-grade security and compliance achievable for clinics of every size, from solo practitioners to multi-location groups.
We're building the IT partner Canadian healthcare actually deserves — one that understands the law, keeps your data in Canada, and lets you focus on patients instead of passwords.
Ready to talk about certified data wiping & it asset disposition?
Book a free 30-minute call. We'll walk through your clinic's setup, answer your questions, and tell you honestly whether we're a fit.