The organization must keep a record of all foreign devices entered and withdrawn of the facilities.
HIPAA Security Rules 164.310(d)(1): Device and Media Controls: Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of a facility, and the movement of these items within the facility.
HIPAA Security Rules 164.310(d)(2)(iii): Accountability (A): Maintain a record of the movements of hardware and electronic media and any person responsible therefore.
Start with Fluid Attacks
We are a proud corporate member of the OWASP Foundation