Date: Thu, 28 Mar 2024 22:22:48 +0000 (UTC) Message-ID: <1839872420.8376.1711664568975@support.blancco.com> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_8375_1046903316.1711664568975" ------=_Part_8375_1046903316.1711664568975 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Health Insurance Portability = and Accountability Act of 1996 (HIPAA) is enforced by the Office of Civil R= ights which is part of the US Department of Health & Human Services. Fr= om our point of view it is US regulation that enforces data security includ= ing data sanitization in the health industry.
There are significant fines and punis= hments for not complying with the mandated data security practices. Non-com= pliant organization may be fined up to $250,000 and responsible individuals= imprisoned for up to 10 years.
Blancco provides products that help o= rganizations comply with HIPAA. The elements of the regulation that Blancco= erasure software cover are the ones dealing with removal and auditing of e= lectronic protected health information. Specifically the following code fro= m CFR 45 PART 164 clearly defines data erasure requirement:
=C2=A7 164.310 Physical safeguard= s.
(d)(1) Standard: Device and media= controls. Implement policies and procedures that govern the receipt and re= moval of hardware and electronic media that contain electronic protected he= alth information into and out of a facility, and the movement of these item= s within the facility.
(2) Implementation specifications= :
(i) Disposal (Required). Implemen= t policies and procedures to address the final disposition of electronic pr= otected health information, and/or the hardware or electronic media on whic= h it is stored.
(ii) Media re-use (Required). Imp= lement procedures for removal of electronic protected health information fr= om electronic media before the media are made available for re-use.
(iii) Accountability (Addressable= ). Maintain a record of the movements of hardware and electronic media and = any person responsible therefore.
The data erasure code of this require= ment can be fulfilled by using Blancco software on all media that contains = electronic protected health information. In addition to that, the reporting= and auditing features in Blancco products give a solution for the accounta= bility implementation as defined at least in =C2=A7164.310(d)(2)(iii).
Blancco software can also be used to = comply with requirements for data erasure as defined in these mandates:
Links for further reading: