Document Name: NCSA HIPAA Facility Security Procedures
Version: 1.0a
Accountable: Adam Slagell
Authors: Adam Slagell
Approved:   June 29, 2016


This document specifies the procedures for bringing people and equipment in and out of a secured facility for processing or storing ePHI (electronic Personal Health Information) covered by HIPAA.


  1. A request with the reason for removal is sent to the HIPAA Liaison who approves or rejects.
  2. The requestor will place the media in the provided secure container.

  3. Container shall be locked with a key kept in the secure area.

  4. Security team will transport secure container for wiping / destruction.

  5. The security team will unlock the container with the second key kept at the wiping / destruction station.

  6. Each device will be wiped or destroyed per Security Office policy.

  7. The person wiping the media will electronically record the details of the wiped media and when it was sanitized. Then they will return the secure container to the secure area.

  8. The media is given to the building manager who closes the workflow and sends the drive on.  If necessary, they have the original requestor fill out the RMA paperwork.