The guidance document released on April 17, 2009, covers all data states, with all but the first requiring proper handling by encryption or destruction:
- data in use: data in the process of being created, retrieved, updated, or deleted
- data in motion: data that is moving through a network, including wireless transmission
- data at rest: data that resides in databases, file systems, and other structured storage methods
- disposed data: discarded paper records or recycled electronic media
For destruction, the document states that electronic media must have been "cleared, purged, or destroyed" according to NIST 800-88 to prevent retrieval. For paper media, it should be shredded or destroyed such that it cannot be reconstructed.
Src: HHS Releases Guidance for Securing Health Information and Preventing Harm from Breaches
No comments:
Post a Comment