New Procedure for Lost or Stolen IT Equipment

Due to the sensitive nature of Protected Health Information (PHI) that exists throughout our clinics, lost or stolen IT equipment can result in a potential HIPAA breach. Therefore, a systematic procedure must be followed to investigate and report lost or stolen IT equipment. The following excerpt is taken from Appendix A that has been recently added to the Clinic Policy and Procedures manual.

  1. Attempt to locate the device(s) and make the determination where it was last located and who was in possession of it.
  2. Report the incident to the last user’s direct supervisor.
  3. Supervisor will contact IT by university e-mail or by submitting a HelpDesk ticket https://helpdesk.optometry.osu.edu
  4. IT will contact the College of Optometry’s building coordinator.
    • The building coordinator can contact FOD for door swipe logs, public safety for reviewing security camera footage, police, etc.
  5. IT will also contact the college’s appropriate Associate Dean or Dean.
  6. Once the appropriate parties have been contacted, IT will document the events in a HelpDesk ticket for long-term tracking.
  7. The Associate Dean or Dean will make the determination to alert the college as a whole and decide the appropriate details to be released.
  8. If the lost or stolen equipment is not recovered, any potential HIPAA breaches will be reported to the HIPAA security officer for further investigation and reporting.