...
- A request with the reason for removal is sent to the building manager who approves or rejects. If necessary, they fill out the RMA paperwork now.
- The HIPAA Liaison approves or rejects the request.If approved
An authorized HIPAA covered employee will log the identifying information for each device and transfer to a secure container for transport out of the Covered Entity
Container shall be locked with a key kept in the secure area.
Container will transported to the designated site of wiping / destruction.
HIPPA covered employee will unlock with key kept at wiping / destruction. station.
Each device will be wiped or destroyed per policy.
Employee will generate a certificate of wiping/destruction for each storage device and return the secure container and certificates of destruction to the Covered Entity area
, a system administrator in the covered entity wipes the drive and notes when and by whom it was securely wiped.
- The media is given to the building manager who closes the workflow and sends the drive on. Email is sent to all parties involved.
...