ClearRecord enforces HIPAA-compliant file retention policies on Windows workstations, securely deletes individual aged files per NIST SP 800-88 while drives remain in service, and generates destruction certificates with tamper-evident 6-year audit logs.
The regulation
The HIPAA Security Rule (45 CFR Part 164 Subpart C) requires covered entities and business associates to implement policies and procedures for the disposal of electronic protected health information (ePHI). Three sections are directly relevant to file lifecycle management:
HHS Office for Civil Rights (OCR) enforcement has increased sharply. The 2024 Change Healthcare breach exposed 192.7 million patient records. The 2026 HIPAA Security Rule overhaul, the biggest update in a decade, adds new requirements for technical controls and audit documentation. Organizations that cannot demonstrate compliant disposal practices face fines of $100 to $50,000 per violation, up to $2.067 million per category per year.
Requirements mapping
| HIPAA requirement | How ClearRecord addresses it |
|---|---|
| 164.310(d)(2)(i) Disposal of ePHI media | NIST SP 800-88 Rev. 2 Clear-level sanitization: zero-overwrite + FlushFileBuffers for HDDs, cryptographic erase via BitLocker for SSDs. Every deletion logged. |
| 164.312(b) Audit controls | Tamper-evident hash-chained audit log records every deletion event with timestamp, workstation, user, method, and result. Hash chain integrity verifiable at any time. |
| 164.530(j) 6-year retention | ClearRecord enforces a minimum 6-year log retention period. The system blocks early deletion of audit records, so you cannot accidentally purge your compliance history. |
| 164.312(a)(1) Access controls | Role-based access control (Admin/Manager/Viewer). PBKDF2-HMAC-SHA256 password hashing. Deactivated users ejected within 5 minutes. |
| 164.312(e)(1) Transmission security | All agent-to-hub communication uses mutual TLS (mTLS). Self-signed Root CA. No data leaves your network. |
| ePHI filename protection | HIPAA mode automatically SHA-256 hashes filenames and file paths before they leave the workstation. Plaintext filenames are never stored in the central database. |
| Destruction documentation | PDF/A-2b archival destruction certificates with HIPAA-specific regulatory citations, event detail logs, workstation inventory, and authorized signatory attestation. |
For healthcare organizations
Patient names in filenames (e.g., "Smith_Lab_Results.pdf") are SHA-256 hashed before leaving the workstation. Your audit log proves deletion without exposing PHI.
ClearRecord runs entirely on your network. No ePHI ever touches our servers. No cloud storage, no external transmission, no Business Associate Agreement needed.
All audit records stored in SQLCipher AES-256 encrypted database with DPAPI-protected keys. Only the SYSTEM account can decrypt. Daily encrypted backups at 2 AM.
ClearRecord detects BitLocker-encrypted SSDs and applies cryptographic erase instead of zero-overwrite. Warns administrators when unencrypted SSDs are detected.
Common questions
HIPAA requires covered entities to retain documentation of their security policies, procedures, and actions for six years from the date of creation or the date it was last in effect, whichever is later (45 CFR 164.530(j)). ClearRecord enforces this automatically and prevents early deletion of audit records.
Yes. ClearRecord implements NIST SP 800-88 Rev. 2 Clear-level sanitization: single-pass zero-overwrite with FlushFileBuffers verification for HDDs, and cryptographic erase via BitLocker for SSDs. Every deletion is logged with a tamper-evident hash chain and can be exported as a destruction certificate.
No. ClearRecord runs entirely on your local network. No patient data, filenames, or audit logs ever leave your premises. Because ClearRecord never accesses, stores, or transmits ePHI to external servers, no BAA is required. The only external communication is an optional monthly license validation call that contains no patient data.
When the HIPAA compliance pack is active, ClearRecord automatically SHA-256 hashes all filenames and file paths before they leave the workstation. The plaintext filename is never stored in the Hub database or audit logs. Administrators can perform forward lookups by typing a filename to search, but cannot browse plaintext names in the event log.
Yes. ClearRecord generates PDF/A-2b archival-format destruction certificates that include: organization details, HIPAA-specific regulatory citations (45 CFR 164.310(d)(2)(i), 164.312(b)), a detailed event log of every file deleted, the NIST 800-88 method used, workstation inventory with BitLocker status, hash chain integrity verification, and authorized signatory attestation.
Contact us to schedule a demo. We will walk you through setup for your healthcare environment.
Request a Demo