Monday, October 5, 2015

Workstation Security

HIPAA Security Rule and how it effects your workstation

Workstation security defines the physical security controls and practices used to restrict access to information stored on computer workstations and peripheral equipment such as printers and fax machines. The HIPAA Security Rule specifies that you must implement physical safeguards for all workstations that access electronic protected health information (ePHI). In addition to protecting ePHI, the Security Rule is also in place to help protect from fluctuations in electricity. Plugging computer workstations into an electrical power strip that has a built-in surge protector.

Your workstations containing ePHI must be placed in locations that minimize the risk of unauthorized access to them. It is important for you to take reasonable measures to prevent unauthorized persons from viewing ePHI on your workstations. Examples of such preventative action include, placing workstations, printers, fax machines, scanners, and electronic devices. in secured areas and be sure that all monitors are positioned or shielded so that data shown on the screen is not visible to unauthorized persons.

The level of physical protection provided for your workstations containing ePHI must be commensurate with that of identified risks. An assessment of the risks to your workstations that can access ePHI must be conducted at least annually.

Your employees are required to report loss or theft of any access device, such as a card, that allows access to secured areas of your office. In addition, all of your portable workstations or electronic devices must be securely maintained when in the possession of an employee.

Compliance with the HIPAA Security Rule requires a proactive effort by everybody within your office. Having everybody involved in protecting ePHI, will help your office comply with the Security Rule regulations and that will greatly assist in protecting your office should an audit occur.

For more information on this and other HIPAA, HR, OSHA, and Medicare related topics, please email or visit our website at