Overview:
Implement policies and procedures to document repairs and modifications to the physical components of a facility that are related to security (for example, hardware, walls, doors, and locks).
Action Items:
1) Obtain and review such policies and procedures related to maintaining maintenance records. Evaluate the content in relation to the specified performance criteria for documenting repairs and modifications to the physical components of a facility related to security. Elements to review but are not limited to: Workforce members’ roles and responsibilities in repairs and modification to the physical components; Record keeping process of repairs and modification to the physical components; Specification of when repairs or modification of physical security components are required; Authorization process of repairs or modification of physical security components
2) Obtain and review documentation demonstrating records of repairs and modifications to physical security components. Evaluate and determine if records of repairs and modifications are being tracked and reviewed on periodic basis by authorized personnel.
Related Documents:
1) Policies and procedures related to maintaining maintenance records
2) Documentation demonstrating records of repairs and modifications to physical security components
Additional Guidance:
In a small office, documentation may simply be a logbook that notes the date, reason for repair or modification and who authorized it. In a large organization, various repairs and modifications of physical security components may need to be documented in more detail and maintained in a database.
In some covered entities the most frequent physical security changes may be re-keying dolocks or changing the combination on a door,when someone from the workforce has been terminated. Some facilities may use door locks that rely on a and or badge reader. Documentation on the repair, addition, or removel of these devices may also be needed to meet this specification.
Sample questions for covered entities to consider:
- Are policies and procedures developed and implemented that specify how to document repairs and modifications to the physical components of a facility which are related to security?
- Do the policies and procedures specify all physical security components that require documentation?
- Do the policies and procedures specify special circumstances when repairs or modifications to physical security components are required, such as when certain workforce members (e.g., Application Administrators) with access to large amounts of EPHI are terminated?
Article ID: 467
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/hipaa-maintenance-records-164-310-a-2-iv-467.html