NCSA wiki will be offline Friday, Apr 19, 2024, from 1700 hours until Sun, Apr 21, 2024 in order to upgrade Confluence.
...
Wiping is done on a dedicated workstation by a method approved by the Security Office.
Anyone in the covered entity may initiate the process to remove media from the facility, but it follows the following process.
- A request with the reason for removal is sent to the building manager HIPAA Liaison who approves or rejects. If necessary, they fill out the RMA paperwork now.
- The HIPAA Liaison approves or rejects the request.
The requestor will be sent instructions on how to securely transport the media out of the restricted area to the security team, using a secure containerAn authorized HIPAA covered employee will log the identifying information for each device and transfer to a secure container for transport out of the Covered Entity.
Container shall be locked with a key kept in the secure area.
Container will be transported to the designated site of security team for wiping / destruction.
HIPPA covered employee The security team will unlock with second key kept at wiping / destruction station.
Each device will be wiped or destroyed per Security Office policy
Employee will generate a certificate of wiping/destruction for each storage device The person wiping the media will electronically record the details of the wiped media and when it was sanitized, and return the secure container and certificates of destruction to the Covered Entity area.
The media is given to the building manager who closes the workflow and sends the drive on.
...
If necessary, have the original requestor fill out the RMA paperwork.