Document Name: NCSA HIPAA Facility Security Procedures
|Table of Contents|
This document specifies the procedures for bringing people and equipment in and out of a secured facility for processing or storing ePHI (electronic Personal Health Information) covered by HIPAA.
- A request with the reason for removal is sent to the HIPAA Liaison who approves or rejects.
The requestor will be place the media in the provided secure container.
Container shall be locked with a key kept in the secure area.
Security team will transport secure container for wiping / destruction.
The security team will unlock with second key kept at wiping / destruction station.
Each device will be wiped or destroyed per Security Office policy
The person wiping the media will electronically record the details of the wiped media and when it was sanitized. Then they will return the secure container to the secure area area.
The media is given to the building manager who closes the workflow and sends the drive on. If necessary, they have the original requestor fill out the RMA paperwork.