Before a device is retired from use in the IPA or disposed of -- for any reason -- it must be subjected to an exit audit and process of removing all PHI, as well as revocation of access to PHI and all practice resources.
Exit audits, disposal audits, and their results must be documented. The results of the exit/disposal audits, including any access revoked or PHI removed, must be documented. The Exit Audit process can be found in the Bring Your Own Device (BYOD) Policy.
Report abuse