R202. Delete sensitive information
The device must delete all sensitive information there contained in case of opening.
HIPAA Security Rules 164.310(d)(2)(i): Disposal: Implement policies and procedures to address the final disposition of electronic protected health information and/or the hardware or electronic media on which it is stored.
OWASP-ASVS v3.1-9.6 Verify that there is a method to remove each type of sensitive data from the application at the end of the required retention policy.