...
Sanitizing Media for Removal
Media is must be sanitized before before leaving the secured disposal outside of the secure facility. This includes returning disks to vendors or repurposing equipment.
Wiping is done on a dedicated workstation in the facility by a method approved by the Security Office.
...
- A request with the reason for removal is sent to the building manager who approves or rejects. If necessary, they fill out the RMA paperwork now.
- The HIPAA Liaison approves or rejects the request.
An authorized HIPAA covered employee will log the identifying information for each device and transfer to a secure container for transport out of the Covered Entity.
Container shall be locked with a key kept in the secure area.
Container will be transported to the designated site of wiping / destruction.
HIPPA covered employee will unlock with second key kept at wiping / destruction station. station.
Each device will be wiped or destroyed per per Security Office policy.
Employee will generate a certificate of wiping/destruction for each storage device and return the secure container and certificates of destruction to the Covered Entity area.
The media is given to the building manager who closes the workflow and sends the drive on.
Email is sent to all parties involved.
Will need to purchase a secured box and affix the keys at each location.