Due to the sensitive nature of Protected Health Information (PHI) that exists throughout our clinics, lost or stolen IT equipment can result in a potential HIPAA breach. Therefore, a systematic procedure must be followed to investigate and report lost or stolen IT equipment. The following excerpt is taken from Appendix A that has been recently added to the Clinic Policy and Procedures manual.
- Attempt to locate the device(s) and make the determination where it was last located and who was in possession of it.
- Report the incident to the last user’s direct supervisor.
- Supervisor will contact IT by university e-mail or by submitting a HelpDesk ticket https://helpdesk.optometry.osu.edu
- IT will contact the College of Optometry’s building coordinator.
- The building coordinator can contact FOD for door swipe logs, public safety for reviewing security camera footage, police, etc.
- IT will also contact the college’s appropriate Associate Dean or Dean.
- Once the appropriate parties have been contacted, IT will document the events in a HelpDesk ticket for long-term tracking.
- The Associate Dean or Dean will make the determination to alert the college as a whole and decide the appropriate details to be released.
- If the lost or stolen equipment is not recovered, any potential HIPAA breaches will be reported to the HIPAA security officer for further investigation and reporting.