A medical clinic is retiring several solid-state drives (SSDs) that once stored patients' electronic health records. To comply with HIPAA and other regulations, which action should a technician take to ensure the data cannot be recovered by any means?
Delete the disk's partitions in Windows Disk Management
Perform a quick format of the drives with the default Windows tool
Empty the Recycle Bin after deleting all files
Physically shred or otherwise destroy the drives so they are unusable
Regulations such as HIPAA require that protected health information be rendered unreadable and unrecoverable before media leave the organization. NIST SP 800-88 designates physical destruction (shredding, pulverizing, incinerating, or similar methods) as the surest way to sanitize flash-based media like SSDs. Logical techniques such as deleting partitions, emptying the Recycle Bin, or performing a quick format leave residual data that specialized tools can recover, so they do not satisfy the requirement.