OneTrust - Security Coordinator Review for SecureBox

HIPAA Security Coordinators will receive notification of a SecureBox request or modification and can follow the workflow below to review and validate the request is appropriate.

  1. SecureBox request is submitted using the Secure Storage Review intake form in OneTrust. OneTrust - How to access OneTrust
  2. The request (OneTrust - Common requests made via OneTrust) is automatically routed to the Risk Management & Compliance Team queue.
  3. Depending on the source Division of the Request, the corresponding HIPAA Security Coordinator is automatically added as an Approver.
    1. Nursing -> Shawn Gelo
    2. Pharmacy -> Mike Pitterle and John DeMuth
    3. Others?
  4. HIPAA Security Coordinator will receive an email from OneTrust notifying them the request was submitted.
    1. Email notification
  5. HIPAA Security Coordinator should open the Request and review responses. 
  6. If Responses are incomplete or inaccurate. The HIPAA Security Coordinator can “Send Back” to the requestor, including comments about what is missing. (Ref: OneTrust - Assessment Stages)
    1. Send Back button
    2. Send Back to in Progress confirmation
  7. If responses are complete and appropriate, complete the HIPAA Security Coordinator Review process:
    1. Click “Finish Review”
    2. Finish review
    3. Result: Select “Approved” for HIPAA Security Coordinator approval of the request. (Accepted can also be used in place of Approved)
    4. Select “Rejected” if not Approved. 
    5. Complete Assessment
    6. You can confirm your response by clicking “View Approvers”:
    7. Under Review
  8. There will still be a Review step completed by the RMC Risk Analyst.
  9. Once both reviews are completed, the request will be marked as “Complete” and the access will be provisioned.