HIPAA Media Destruction SOP

Purpose: Ensure compliant sanitization/destruction of media with ePHI (HIPAA 45 CFR §164.310(d); NIST SP 800-88). 

 Section A: Authorization [ ] Complete Media Destruction Form; obtain required approvals. 

 Section B: Method Selection [ ] Determine Clear/Purge/Destroy based on media type and reuse. 

 Section C: Execution [ ] Perform selected method (e.g., crypto erase, degauss, shred). [ ] Document tool, serials, operator, witness, timestamps. 

 Section D: Verification [ ] Validate results (hash/visual/certification) and record certificate #. 

 Section E: Disposal & Recycling [ ] Use vetted vendor; maintain BAA if applicable. [ ] Ensure environmental compliance and documentation. 

 Section F: Records & Review [ ] Update asset records; store forms and certificates 6 years. [ ] Review failures and implement corrective actions. 

 Sign-Off - Performed By (print/sign/date): ______________________________________________ - Witness (print/sign/date): _________________________________________________ - Security/Privacy Review (print/sign/date): ___________________________________