What Are HIPAA Hard Drive Wipe Requirements?
Hard drives store data, including protected health information (PHI). The Department of Health and Human Services’ guidance on removal of this data is broad: “Appropriate methods for removing ePHI from electronic media prior to reuse or disposal may be by clearing (using software or hardware products to overwrite media with non-sensitive data) or purging (degaussing or exposing the media to a strong magnetic field in order to disrupt the recorded magnetic domains) the information from the electronic media. If circumstances warrant the destruction of the electronic media prior to disposal, destruction methods may include disintegrating, pulverizing, melting, incinerating, or shredding the media.”
HIPAA hard drive wipe requirements incorporate the activities of clearing, purging, and destruction. Each of these three methods is an example of a sanitization technique. NIST 800-88 Rev. 1 is the NIST publication on media sanitization. NIST publication defines “media sanitization” as a process that renders access to target data on the media infeasible for a given level of effort. HIPAA hard drive wipe requirements involving sanitization are discussed in further detail.
HIPAA Hard Drive Wipe Requirements: Clearing
One of the HIPAA hard drive wipe requirements is known as clearing. Clearing is the process of using software or hardware products to overwrite media. Overwriting is the process of recording over previously stored magnetic hard drive data with random or specified patterns. The overwriting can be performed once (“in one pass”), or several times (“multiple passes”). However, overwriting may not reach all potentially “overwritable” areas on a magnetic hard drive, leading to an incomplete erasure. NIST recommends that if overwriting is to be performed on magnetic hard drives, that it be accompanied by implementation of dedicated sanitize commands. These commands result in more thorough erasure. A limitation of overwriting is that conventional overwriting does not work on non-magnetic hard drives.
HIPAA Hard Drive Wipe Requirements: Purging
Another one of the HIPAA hard drive wipe requirements is known as purging. Purging a hard drive is accomplished through a process known as degaussing. Degaussing exposes the magnetic components of the hard drive to a magnetic field. The components of the hard drive are stored as magnetic data. The degaussing process fully erases data.
HIPAA Hard Drive Wipe Requirements: Destruction
Another one of the HIPAA hard drive wipe requirements is known as destruction. Today, many hard drives incorporate solid state drive (SSD) technology. Instead of using magnetic components, Solid-state drives (i.e., flash drives, SD cards, USB drives) rely on an embedded processor, or “brain”, and interconnected flash memory chips that retain data even when no power is present. Degaussing cannot sanitize non-magnetic media such as SSD technology. Since this technology cannot be sanitized through purging, it must be sanitized through destruction. One method of destruction is shredding. Shredding requires use of a shredding device that must be capable of cutting the devices into as many tiny pieces as possible, without the device becoming stuck in the shredder during the process. Additional destruction techniques include disintegrating, pulverizing, melting, or incinerating the hard drive, so that all data has been destroyed.
HIPAA Hard Drive Wipe Requirements: Keeping Track of Sanitization
To demonstrate that data has been rendered irretrievable, providers and business associates should prepare a detailed certificate of sanitization for each hard drive that has been sanitized. A sample certificate of sanitization can be found as “Appendix G” to the NIST publication. This certificate can be printed or electronic, and serves to validate that hard drive data has been rendered irretrievable. The certificate typically lists each storage device by serial number. A detailed certificate also describes the type of sanitization (i.e., Clear, Purge, Destroy), method used (i.e., degauss, overwrite, block erase, crypto erase, etc.), and the type of verification methods used.
