HIPAA Media Destruction SOP (Step-by-Step)
Purpose: Ensure compliant sanitization/destruction of media with ePHI (HIPAA 45 CFR §164.310(d); NIST SP 800-88).
2) Method Selection
- Determine Clear/Purge/Destroy based on media type and reuse.
3) Execution
- Perform selected method (e.g., crypto erase, degauss, shred).
- Document tool, serials, operator, witness, timestamps.
4) Verification
- Validate results (hash/visual/certification) and record certificate #.
5) Disposal & Recycling
- Use vetted vendor; maintain BAA if applicable.
- Ensure environmental compliance and documentation.
6) Records & Review
- Update asset records; store forms and certificates for 6 years.
- Review failures and implement corrective actions.
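
Added example (not part of the original SOP): a Python check that a destruction log record carries the fields from steps 3 and 4, that the method suits the media type, and when the 6-year retention from step 6 ends. The field names, the ACCEPTED policy map and the sample records are assumptions made for illustration.

```python
from datetime import date, datetime

# Fields the SOP asks for in steps 3 and 4 (names are assumed).
REQUIRED = ("tool", "serial", "operator", "witness",
            "started", "finished", "certificate_no")

# Assumed local policy, not from the SOP: which methods are accepted per media
# type. Degaussing only affects magnetic media, so it is not accepted for SSDs.
ACCEPTED = {
    "hdd": {"degauss", "crypto_erase", "shred"},
    "tape": {"degauss", "shred"},
    "ssd": {"crypto_erase", "shred"},
}

def retention_until(finished: datetime, years: int = 6) -> date:
    """Earliest date the record may be discarded (step 6: keep 6 years)."""
    d = finished.date()
    try:
        return d.replace(year=d.year + years)
    except ValueError:  # 29 Feb has no counterpart in a non-leap year
        return d.replace(year=d.year + years, day=28)

def check_record(rec: dict) -> list:
    """Return the list of problems that block closing out this record."""
    problems = [f"missing {f}" for f in REQUIRED if not rec.get(f)]
    media, method = rec.get("media_type"), rec.get("method")
    if media not in ACCEPTED:
        problems.append(f"unknown media type {media!r}")
    elif method not in ACCEPTED[media]:
        problems.append(f"{method} not accepted for {media}")
    try:
        start = datetime.fromisoformat(rec["started"])
        if datetime.fromisoformat(rec["finished"]) < start:
            problems.append("finished precedes started")
    except (KeyError, TypeError, ValueError):
        problems.append("unparseable timestamps")
    return problems

# Constructed sample records; every value is a placeholder.
GOOD = {"asset": "EX-0001", "media_type": "hdd", "method": "degauss",
        "tool": "EX-DEGAUSSER", "serial": "SN-EXAMPLE-1", "operator": "op1",
        "witness": "wit1", "started": "2024-02-29T09:00:00",
        "finished": "2024-02-29T09:20:00", "certificate_no": "CERT-EX-1"}
BAD = {**GOOD, "asset": "EX-0002", "media_type": "ssd", "witness": "",
       "certificate_no": None}

if __name__ == "__main__":
    for rec in (GOOD, BAD):
        print(rec["asset"], check_record(rec) or "ok",
              retention_until(datetime.fromisoformat(rec["finished"])))
```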