2021.08.03
ClearHealth recognizes that media containing sensitive data may be reused when appropriate steps are taken to ensure that all stored sensitive data has been effectively rendered inaccessible. Destruction/disposal of sensitive data shall be carried out in accordance with federal and state law. The schedule for destruction/disposal shall be suspended for sensitive data involved in any open investigation, audit, or litigation.
ClearHealth utilizes enterprise level SAN devices provided by Rackspace to store production data. All data and repositories utilized by ClearHealth and ClearHealth customers are encrypted.
ClearHealth policy requires that:
(a) All media, including mobile and removable media, storing ClearHealth company data must be encrypted.
(b) Critical data as defined in ClearHealth's data classification model §data-management may not be stored on mobile devices or removable media, such as USB flash drives.
(c) All destruction/disposal of sensitive data storage media will be done in accordance with federal and state laws and regulations and pursuant to the ClearHealth's written retention policy/schedule.
- Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner.
- Records involved in any open investigation, audit or litigation should not be destroyed/disposed of.
(d) All sensitive data must be rendered inaccessible in a forensically sound manner prior to media reuse or disposal.
(e) Mobile devices, including laptops, smartphones and tables, used in support of critical business operations shall be fully managed and/or audited by ClearHealth IT and Security.