...
| Panel |
|---|
Document Name: NCSA HIPAA Facility Security Procedures |
| Table of Contents |
|---|
Purpose
This document specifies the procedures for bringing people and equipment in and out of a secured facility for processing or storing ePHI (electronic Personal Health Information) covered by HIPAA.
...
- A request with the reason for removal is sent to the HIPAA Liaison who approves or rejects.
The requestor will be sent instructions on how to securely transport place the media out of the restricted area to the security team, using a in the provided secure container.
Container shall be locked with a key kept in the secure area.
Container will be transported to the security team Security team will transport secure container for wiping / destruction.
The security team will unlock with second key kept at wiping / destruction station.
Each device will be wiped or destroyed per Security Office policy
The person wiping the media will electronically record the details of the wiped media and when it was sanitized. Then they will return the secure container to the secure area area.
The media is given to the building manager who closes the workflow and sends the drive on. If necessary, they have the original requestor fill out the RMA paperwork.
...