...
Document Name: NCSA HIPAA Facility Security Procedures
Purpose
This document specifies the procedures for bringing people and equipment in and out of a secured facility for processing or storing ePHI (electronic Personal Health Information) covered by HIPAA.
...
Sanitizing Media for Removal
Media must be sanitized before leaving the secure facility, including for disposal outside of it. This includes returning disks to vendors or repurposing equipment.
Wiping is done on a dedicated workstation in the facility by a method approved by the Security Office.
Anyone in the covered entity may initiate the process to remove media from the facility, but removal must follow the process below.
- A request with the reason for removal is sent to the building manager HIPAA Liaison who approves or rejects. If necessary, they fill out the RMA paperwork now.
- The HIPAA Liaison approves or rejects the request.
- The requestor will place the media in the provided secure container.
- Container shall be locked with a key kept in the secure area.
- Security team will transport secure container for wiping / destruction.
- The security team will unlock with second key kept at wiping / destruction station.
- Each device will be wiped or destroyed per Security Office policy.
- The person wiping the media will electronically record the details of the wiped media and when it was sanitized. Then they will return the secure container to the secure area.
- If approved, a system administrator in the covered entity wipes the drive and notes when and by whom it was securely wiped.
- The media is given to the building manager who closes the workflow and sends the drive on.
- Email is sent to all parties involved. If necessary, they have the original requestor fill out the RMA paperwork.