Skip to main content

HIPAA Media Destruction SOP (Printable Checklist)

HIPAA Media Destruction SOP (Step-by-Step)

Purpose: Ensure compliant sanitization/destruction of media with ePHI (HIPAA 45 CFR ยง164.310(d); NIST SP 800-88).

1)Section A: Authorization
-[ ] Complete Media Destruction Form; obtain required approvals.

2)Section B: Method Selection
-[ ] Determine Clear/Purge/Destroy based on media type and reuse.

3)Section C: Execution
-[ ] Perform selected method (e.g., crypto erase, degauss, shred).
-[ ] Document tool, serials, operator, witness, timestamps.

4)Section D: Verification
-[ ] Validate results (hash/visual/certification) and record certificate #.

5)Section E: Disposal & Recycling
-[ ] Use vetted vendor; maintain BAA if applicable.
-[ ] Ensure environmental compliance and documentation.

6)Section F: Records & Review
-[ ] Update asset records; store forms and certificates 6 years.
-[ ] Review failures and implement corrective actions.

Sign-Off
- Performed By (print/sign/date): ______________________________________________
- Witness (print/sign/date): _________________________________________________
- Security/Privacy Review (print/sign/date): ___________________________________

Back to top