1670.030 HIPAA SECURITY: INVENTORY OF HARDWARE AND SOFTWARE CONTAINING ELECTRONIC PROTECTED HEALTH INFORMATION
Florida International University departments and units that create, maintain or transmit electronic protected health information (“EPHI”) are required to:
1. Maintain a master inventory list of all hardware and software that contain EPHI. For hardware, the list must include all relevant serial numbers and tags necessary to identify the device, its exact location and, where appropriate, the employee(s) who are assigned to work on the device.
2. Ensure that all EPHI accessible devices are accounted for by periodically updating the master inventory against the actual devices.
3. Ensure that devices that create, store or maintain EPHI are not moved or disposed of prior to notifying the HIPAA Security Administrator for the department or unit and the University IT Security Officer.
4. Ensure that prior to disposing of any devices containing EPHI, appropriate and retrievable backup copies are made in order to meet or exceed records retention requirements.
5. Ensure that all hardware and media containing EPHI are scrubbed before they are made available for re-use by another department or unit.
Published on 2017-12-13
Administrative Oversight & Contact Information
Office of University Compliance & Integrity
University Compliance & Privacy Officer
- Phone: 305--348-2216