Workstation Do’s and Don’ts
Secure your Workstations! Not surprisingly, workstation security is an important step in the overall health of your HIPAA Security program. In order for you to protect your patients’ data, you must protect the tools you use to access, transmit, and store their information.
Secure Your Workstations
You can secure workstations through a few simple steps:
- Each workstation has access controls enabled to restrict unauthorized users and programs from accessing ePHI
- Workstations should have automatic logoff or password-protected screensavers with short timeouts (less than 15 minutes)
- Software is patched and managed to ensure the highest level of security. This also helps to prevent breaches due to gaps in security updates
- Position your workstations to protect from public view
- Make sure you have physical security safeguards in place
- Workstations should be secured at their stations
- Laptops can be attached to a desk or otherwise secured when possible
- Disable the ability for your employees to turn off your anti-virus software
- Use enterprise-level (not home version) anti-malware software
- Remove access to your network and software after an employee resigns or is terminated (within 24 hours)
In addition to these easy steps, you are required to review the audit logs of connected workstations. Using automated tools to aid in the audit log review process will ensure your organization stays on top of workstation security.
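As an added illustration (not code from the original post), here is one way an automated audit-log check can tie the last two points together: it scans workstation logon records for successful logons by separated employees after the 24-hour access-removal window has passed. The log format, account names, and workstation names are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed: accounts belonging to staff who resigned or were terminated,
# with the date and time of separation.
SEPARATED = {
    "jdoe": datetime(2024, 3, 1, 17, 0),
    "asmith": datetime(2024, 3, 3, 9, 0),
}

# Constructed workstation audit log lines (hypothetical format):
# <date> <time> <workstation> LOGON <account> <SUCCESS|FAILURE>
AUDIT_LOG = """\
2024-03-01 16:45:00 WS-RECEPTION LOGON jdoe SUCCESS
2024-03-02 08:05:00 WS-RECEPTION LOGON jdoe SUCCESS
2024-03-02 08:05:00 WS-BILLING LOGON bwong SUCCESS
2024-03-03 08:30:00 WS-BILLING LOGON asmith SUCCESS
2024-03-05 07:55:00 WS-LAB LOGON asmith FAILURE
2024-03-05 07:56:00 WS-LAB LOGON asmith SUCCESS
"""

GRACE = timedelta(hours=24)  # the 24-hour deprovisioning window from the checklist


def parse_line(line):
    """Split one audit line into (timestamp, workstation, event, account, result)."""
    date, time, workstation, event, account, result = line.split()
    return datetime.fromisoformat(f"{date} {time}"), workstation, event, account, result


def find_stale_access(log_text, separated, grace=GRACE):
    """Return (account, workstation, timestamp) for every successful logon by a
    separated account that occurred after the deprovisioning window elapsed.
    Logons before separation, or inside the window, are not reported."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ws, event, account, result = parse_line(line)
        if event != "LOGON" or result != "SUCCESS":
            continue  # failed logons show the control working, not a gap
        left_at = separated.get(account)
        if left_at is not None and ts > left_at + grace:
            findings.append((account, ws, ts))
    return findings


if __name__ == "__main__":
    for account, ws, ts in find_stale_access(AUDIT_LOG, SEPARATED):
        print(f"ACCESS NOT REMOVED: {account} logged on to {ws} at {ts}")
```

Each finding is an account whose access should already have been revoked; the workstation and timestamp give you the evidence trail for your review.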
Train Your Employees
Employees are responsible for more than half of all healthcare breaches. It is important to train your staff on their role in securing their workstations.
Most employees cringe at the thought of compliance training. When employees are not engaged in the training process or they are simply bored, your training programs are not effective. Therefore, STOP the long BORING training sessions! Incorporate training in ways that are easy for your employees to digest. Security reminders are not only required by HIPAA, but they are also incredibly effective training tools.
What is a security reminder? I am glad you asked! A security reminder is any communication, in any media, used to communicate important security information to your staff. Examples of security reminders include:
- A poster or flyer in common areas such as an employee break room
- Short emails or memos
- Staff meetings to impart vital security information
- Screensaver messages
Training your staff in a meaningful way increases learning retention and improves staff productivity and engagement. Your employees won’t remember an hour-long training seminar; however, they will remember a note taped to the employee fridge or on the back of the bathroom stall!
Wrapping it Up
Workstation use is a standard in the security rule because it is the main avenue to your organization’s ePHI. Without appropriate workstation procedures and proper staff education, the workstation can become a risk to the confidentiality, integrity, and availability of your ePHI.
For more on how HIPAAtrek can help you with your HIPAA program, contact us! Happy HIPAAtrekking!