Goal: Define what actions are needed to document repairs and modifications to the physical components of the physical facility/workspace as it relates to the protection of ePHI.
The purpose of this policy is to maintain an adequate audit log of repairs and modifications to the physical components of the facility as they relate to security.
Procedure: The Security Manager or its authorized representative must ensure timely response to potential threats. It is also critical that the following procedures take place whenever a potential risk is identified.
- All employees shall be aware of suspicious activity that may indicate the intent to penetrate controlled areas by unauthorized individuals.
- Once a potential threat is identified, the Security Manager or its authorized representative shall investigate the validity of such threat and implement the necessary physical changes to prevent access to such areas.
- Any threats shall be investigated and documented on the Internal Investigation log.
- In addition to the Internal Investigation log the Security Manager shall make an entry on the Security Incident log where information such as type of threat, date, correction steps and person responsible shall be documented.
