The HIPAA security rule is full of various requirements to help you protect the confidentiality, integrity, and availability of electronic protected health information (ePHI).  One of those rules addresses how you will manage the workstation which is important because it is the most direct route to your PHI.  With that in mind, let’s review some steps you should take today regarding your workstations and protecting your ePHI.

  • Ensure that each workstation has the necessary access controls to restrict unauthorized users and programs from accessing ePHI
  • Ensure that software on each workstation and on the network, is compatible and will not lead to the degradation of the system.
  • Ensure workstations are turned away from public view
  • Provide physical access controls to the workstations and laptops
    • Workstations should be secured at their stations
    • Laptops can be tethered to their desks when necessary
  • Ensure workstations have virus protection that cannot be disabled by users
  • Ensure operating systems receive critical updates and patches
  • Remove network access soon after individual is terminated

While these are action that can be performed by your IT department or security officer, end users also need to be educated regarding their responsibilities when working at the workstation.

  • Do not leave passwords on sticky notes on the computer
  • Do not share passwords with fellow employees
  • Engage the screensaver when leaving the workstation unattended
    • Use control-alt-delete or depress Windows key and press L
  • Do not remove the plastic privacy screen from the monitor

Workstation use is a standard in the security rule because it is the main avenue to your organization’s ePHI.  Without appropriate workstation procedures and proper staff education, the workstation can become a risk to the confidentiality, integrity, and availability of your ePHI.  For more on how HIPAAtrek can help you with your HIPAA program, contact our CEO, Sarah Badahman at  Happy HIPAAtrekking