MEDIA REUSE POLICY

The Media ReUse Policy and associated guidance provide requirements for reuse or disposal of DeHealth systems containing protected or confidential information.

This Media ReUse Policy applies to systems connected to any DeHealth network, including all information resources that are owned, leased, vended, contracted, or operated by the Company. This includes hardware, software, systems, and Data. 

The audience for this Media ReUse Policy is all DeHealth. It also applies for all other agents of the Company with access to DeHealth information and network for contracted services. This includes, but not limited to partners, affiliates, contractors, temporary employees, trainees, guests, and volunteers.

Media ReUse Policy is developed in accordance with 45 CFR Part 164.310(d) HIPAA.

  1. DEFINITION 
    1. User is any person who installs the App to receive Services for the purpose of monitoring their health.
    2. Personal Data is any information that is in the public domain, allowing you to directly or indirectly identify the User. For example, first name, last name, phone number, IP address.
    3. Employee is any natural person or contractor who cooperates with the Company on the basis of an employment contract or other regulatory law.
    4. Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
    5. Data is a common name for Personal Data and Data concerning health
    6. DeHealth company (hereinafter referred to as the "Company" or "DeHealth") is a DEHEALTH TECHNOLOGIES, INC, registered at 1049 El Monte Avenue, Ste C #846,
Mountain View, CA 94040, United States, EIN: 36-5099713, which provides Services to Users.
    7. DeHealth application (hereinafter referred to as the "App") is a service created so that the User can check the state of his health and monitor the change in his health.
    8. Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that sets rules about who can see and receive medical information.
  2. GENERAL PROVISION
    1. Data concerning health is made non-recoverable from all media before disposal or reuse. The Company does not reuse Data concerning health under any circumstances. Logs will be maintained and audited to ensure that Data concerning health media is properly disposed of without the possibility of reuse.
    2. All types of Data concerning health media are physically protected during transportation to reduce the risk of unauthorized access, damage or misuse of Data concerning health.
    3. Only certified software is used to delete Data concerning health.
  3. REUSE DATA
    1. All Data concerning health is removed from hard drives when the equipment is transferred to an Employee who does not require access to the Data concerning health. Hard drives shall be wiped clean by IT before transfer.
    2. Data concerning health is removed from software before it can be used by an Employee who does not have access to Data concerning health.
    3. All other media shall have all the Data concerning health removed (the mechanism may vary depending on the media type) and tested to ensure the Data concerning health cannot be retrieved. If the media is not “technology capable” of being cleaned, the media shall be overwritten or destroyed.
    4. Device Maintenance and Repair: When the technology is capable, all Data concerning health shall be removed from the device’s memory or hard drive before the device is accessed for maintenance externally or sent out for repair. Devices include computer servers, copiers, printers, and other devices capable of storing electronic data.
    5. Software Maintenance and Repair: All Data concerning health must be removed from the software registries before the Employee gains access to it.
    6. The Company includes security requirements and/or security specifications in information system acquisition contracts based on an assessment of risk (applications, servers, copiers, etc.).
    7. Before re-use for Data processing, media undergo full encryption or Data destruction (sanitization) in accordance with NIST SP 800-88. The Company keeps a detailed log with a description of all actions with media used for Data processing. If the medium is no longer used for Data processing, it is subject to physical destruction.
  4. POLICY RESPONSIBILITIES 
    1. Company manager and Company supervisor Responsibilities:
      1. Ensure that only Employees whose duties require the need to transport Data concerning health outside of the secured physical perimeter of a DeHealth facility are granted permission to do so.
      2. Enforce procedures to govern the receipt and removal of hardware and electronic media that contain Data concerning health outside of the secured physical perimeter of a DeHealth facility and the movement of these items within the facility.
      3. Ensure compliance with procedures governing the use of software containing Data concerning health, as well as the replacement of such software.
    2. IT T Support Responsibilities:
      1. Ensure that all hard drives are wiped clean of Data concerning health before disposal, reuse, or being sent out for repair.
      2. Maintain an inventory and record of movements of hardware and electronic media such as workstation computers, servers, or backup tapes.
      3. Ensure that the software for processing Data concerning health is licensed and that only an Employee with the appropriate access level has access to it.
    3. Employee Responsibilities:
      1. Follow the procedures that govern the receipt and removal of hardware and electronic media that contain Data concerning health.
      2. Limit the quantity of Data concerning health on portable electronic media to the minimum necessary to perform their duties.
      3. Secure Data concerning health on portable electronic media/software through encryption.
      4. Remove and destroy all Data concerning health from portable electronic media/software when it is no longer needed to perform their duties.
      5. Do not leave or store portable media that contains Data concerning health in their vehicles or in any other unsecured location.
      6. Report lost/stolen Data concerning health material immediately.
      7. Ensure that portable devices, including cell phones, which contain Data concerning health are secure.