HIPAA Media Destruction SOP

Purpose: Ensure compliant sanitization/destruction of media with ePHI (HIPAA 45 CFR §164.310(d); NIST SP 800-88).

Section A: Authorization
[ ] Complete Media Destruction Form; obtain required approvals.

Section B: Method Selection
[ ] Determine Clear/Purge/Destroy based on media type and reuse.

Section C: Execution
[ ] Perform selected method (e.g., crypto erase, degauss, shred).
[ ] Document tool, serials, operator, witness, timestamps.

Section D: Verification
[ ] Validate results (hash/visual/certification) and record certificate #.

Section E: Disposal & Recycling
[ ] Use vetted vendor; maintain BAA if applicable.
[ ] Ensure environmental compliance and documentation.

Section F: Records & Review
[ ] Update asset records; store forms and certificates for 6 years.
[ ] Review failures and implement corrective actions.

Sign-Off
- Performed By (print/sign/date): ______________________________________________
- Witness (print/sign/date): _________________________________________________
- Security/Privacy Review (print/sign/date): ___________________________________