How to Secure Your Workstations


A vital step to protect patient information is to secure the tools you use to access, store, and transmit that information. Workstations are a major access point to your organization’s electronic protected health information (ePHI). Therefore, if you don’t properly secure your workstations or train your staff to use them securely, your workstations could become a liability.

Set Workstation Safeguards

You can secure your workstations with a few simple steps:

  1. Enable access control to restrict who or what can access ePHI.
  2. Set workstations to log off or switch to screensavers after 15 or fewer minutes of inactivity.
  3. Patch software regularly to improve security, which will help prevent breaches.
  4. Disable the option for employees to turn off anti-virus software.
  5. Use enterprise-level (not personal) anti-malware software.
  6. Remove an employee’s access to your network and programs within 24 hours of resignation or termination.
  7. Position workstations so the public can’t see them.
  8. Set physical safeguards, such as attaching laptops to the desk.
  9. Use automated tools to audit workstations, and review the audit logs regularly.
  10. Keep an inventory of all hardware and its movements within your facility.

Although HIPAA requires other safeguards for workstation access and use, this is a good place to start.
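
As an added illustration of item 9 (this is example code, not code from this page or from HIPAAtrek), the following Python script audits a constructed workstation inventory against the thresholds in the checklist above: the 15-minute lock timeout, the 24-hour offboarding window, anti-virus tamper protection and enterprise anti-malware. The 30-day patch-age limit is an assumption, since the text only says "regularly".

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds taken from the checklist; the patch-age limit is an assumption
# (the text only says "regularly").
MAX_LOCK_MINUTES = 15
MAX_OFFBOARD_HOURS = 24
MAX_PATCH_AGE_DAYS = 30

@dataclass
class Workstation:
    hostname: str
    lock_timeout_min: int        # screensaver / auto-logoff timeout
    av_product: str
    av_enterprise: bool          # enterprise-managed, not a personal product
    av_user_can_disable: bool    # can the local user switch anti-virus off?
    last_patched: datetime
    active_users: list           # accounts that can still log on here

def audit_workstation(ws, terminations, now):
    """Return a list of (control, detail) findings for one workstation."""
    findings = []
    if ws.lock_timeout_min > MAX_LOCK_MINUTES:
        findings.append(("lock-timeout", f"{ws.lock_timeout_min} min > {MAX_LOCK_MINUTES}"))
    if (now - ws.last_patched).days > MAX_PATCH_AGE_DAYS:
        findings.append(("patching", f"last patched {ws.last_patched:%Y-%m-%d}"))
    if ws.av_user_can_disable:
        findings.append(("av-tamper", "users may disable anti-virus"))
    if not ws.av_enterprise:
        findings.append(("av-product", f"{ws.av_product} is not enterprise-managed"))
    for user in ws.active_users:
        left = terminations.get(user)   # datetime the person left, if they did
        if left and now - left > timedelta(hours=MAX_OFFBOARD_HOURS):
            findings.append(("offboarding", f"{user} still active {now - left} after leaving"))
    return findings

def audit_fleet(workstations, terminations, now):
    """Map each hostname to its findings; an empty list means compliant."""
    return {ws.hostname: audit_workstation(ws, terminations, now) for ws in workstations}

# Constructed sample inventory: hostnames, people and dates are made up.
NOW = datetime(2024, 3, 10, 9, 0)
TERMINATIONS = {"jsmith": datetime(2024, 3, 7, 17, 0)}
FLEET = [
    Workstation("reception-01", 10, "EnterpriseAV", True, False, datetime(2024, 3, 1), ["mjones"]),
    Workstation("billing-02", 30, "HomeAV Free", False, True, datetime(2024, 1, 5), ["jsmith", "mjones"]),
]

if __name__ == "__main__":
    for host, findings in audit_fleet(FLEET, TERMINATIONS, NOW).items():
        print(host, "OK" if not findings else findings)
```

In a real deployment the `Workstation` records would be populated from your endpoint management or inventory tool, and the findings written to the audit log that item 9 says to review regularly.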

Train Your Employees

Employees cause more than half of all breaches. Therefore, they need to understand their role in keeping workstations secure. Train them on security best practices to help reduce risk in your organization.

One way to inform your staff is by sending security reminders. Not only are security reminders required by HIPAA, but they are also good training tools. Here are some ways you can remind your staff about workstation security:

  • Place a poster or flyer in common areas, such as a break room.
  • Send short emails or memos.
  • Hold regular staff meetings.
  • Create screensaver messages.

Security reminders don’t have to be a chore. Using HIPAAtrek, you can create custom reminders and schedule when they are sent to your staff. Furthermore, HIPAAtrek sends automatic reminders about login monitoring, password management, and malicious software to help make security a priority on your team. For more information, contact HIPAAtrek at

