OneTrust - Security Coordinator Review for SecureBox
HIPAA Security Coordinators will receive notification of a SecureBox request or modification and can follow the workflow below to review and validate the request is appropriate.
- SecureBox request is submitted using the Secure Storage Review intake form in OneTrust. OneTrust - How to access OneTrust
- The request (OneTrust - Common requests made via OneTrust) is automatically routed to the Risk Management & Compliance Team queue.
- Depending on the source Division of the Request, the corresponding HIPAA Security Coordinator is automatically added as an Approver.
- Nursing -> Shawn Gelo
- Pharmacy -> Mike Pitterle and John DeMuth
- HIPAA Security Coordinator will receive an email from OneTrust notifying them the request was submitted.
- HIPAA Security Coordinator should open the Request and review responses.
- If Responses are incomplete or inaccurate. The HIPAA Security Coordinator can “Send Back” to the requestor, including comments about what is missing. (Ref: OneTrust - Assessment Stages)
- If responses are complete and appropriate, complete the HIPAA Security Coordinator Review process:
- Click “Finish Review”
- Result: Select “Approved” for HIPAA Security Coordinator approval of the request. (Accepted can also be used in place of Approved)
- Select “Rejected” if not Approved.
- You can confirm your response by clicking “View Approvers”:
- There will still be a Review step completed by the RMC Risk Analyst.
- Once both reviews are completed, the request will be marked as “Complete” and the access will be provisioned.