The purpose of the Device and Media Control Disposal Policy is to establish guidelines for appropriately disposing of information systems and electronic media containing ePHI when they are no longer needed.
Definitions
- Device: For the purposes of this policy, devices are considered to be electronic hardware (including but not limited to workstations, personal computers, servers, laptops, copiers, fax machines, and handheld units) with storage capability to record and save ePHI.
- Storage Media: Including but not limited to disk drives, tapes, floppy disks, CDs, zip disks, flash cards, USB memory sticks, optical disks, and hard copies.
- Data sanitization: Data sanitization refers to the process of permanently and irreversibly removing or destroying data that is stored in a system or in a component of that system, such as a memory device. Data sanitization may also be used on standalone storage devices.
Disposal
Covered Entities and Business Associates must remove storage devices from all systems prior to their disposal (or return upon the end of their lease) and either sanitize them of data or destroy them. Whenever possible, storage devices should be removed from any systems that must be sent out for repair or replacement and reinstalled when the system is returned. If removal is not possible, these systems must be given to a Business Associate with the capabilities to remove, sanitize or destroy the data or the actual physical components to ensure that the data previously housed is inaccessible.
All ePHI on decommissioned devices and storage media must be irretrievably destroyed, in order to protect the confidentiality of the data contained. If the device or media contains ePHI that is not required or needed, and is not a unique copy, a data destruction tool must be used to destroy the data on the device or media prior to disposal.
For the purposes of this policy, reformatting shall not be considered a reliable option, as it may not overwrite the data. If the device or media contains the only copy of ePHI that is required or needed, a retrievable copy of the ePHI must be made prior to disposal. As a rule, team members should consider the source and the information provided below in terms of guidance and actions to follow:
- Removable magnetic "disks" (floppies, ZIP disks, and the like) and magnetic tapes (reels, cartridges) can be "degaussed" by an appropriately-sized and -powered degausser or physically destroyed.
- Fixed internal magnetic storage (such as computer hard drives), as well as removable storage, can be cleansed by a re-writing process. Software is used to over-write all the usable storage locations of a medium. The simplest method is a single over-write; additional security is provided by multiple over-writes with variations of all 0s, all 1s, complements (opposite of recorded character), and/or random characters.
- Optical media (such as CD-RWs) may be processed via an overwrite method. This is not the case for the vast majority of "write-once" optical media in use (notably the CD-R). Because such media are optical rather than magnetic, they cannot be degaussed. For the write-once variety, only physical destruction will do.
- Removable "solid state" storage devices such as "flash memory" devices are solid state and are non-volatile (the memory maintains data even after all power sources have been disconnected). Examples include CompactFlash, Memory Stick, Secure Digital, SmartMedia and other types of plug-ins, and a range of "mini-" and "micro-drive" flash devices that use USB or FireWire ports. Secure overwrites (following manufacturer specifications) are possible for these media as well. Neither degaussing nor over-writing offers absolute guarantees; for that, one must be willing to disintegrate, incinerate, pulverize, shred, or smelt. As with paper, the method of disposal depends on the perceived risks of discovery, and estimates of the type of threat.
- Paper containing sensitive information should be shredded. Strip cut shredders (also called straight cut or spaghetti cut) render paper into thin, long strips. Cross-cut shredders (also called confetti cut) provide both length-wise and width-wise dismemberment – generating from a few to many hundreds of pieces per shredded page.