A vital step to protect patient information is to secure the tools you use to access, store, and transmit that information. Workstations are a major access point to your organization’s electronic protected health information (ePHI). Therefore, if you don’t properly secure your workstations or train your staff to use them securely, your workstations could become a liability.
Set Workstation Safeguards
You can secure your workstations with a few simple steps:
- Enable access control to restrict who or what can access ePHI.
- Set workstations to log off or switch to screensavers in 15 or fewer minutes.
- Patch software regularly to improve security, which will help prevent breaches.
- Disable the option for employees to turn off anti-virus software.
- Use enterprise-level (not personal) anti-malware software.
- Remove an employee’s access to your network and programs within 24 hours of resignation or termination.
- Position workstations so the public can’t see them.
- Set physical safeguards, such as attaching laptops to the desk.
- Use automated tools to audit workstations, and review the audit logs regularly.
- Keep an inventory of all hardware and its movements in your facility.
Although HIPAA requires other safeguards for workstation access and use, this is a good place to start.
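One way to automate part of the audit step in the list above, as an added example that is not from the original article: a Python check that compares workstation settings and account records against the 15-minute and 24-hour limits given above. The host names, user names, field names and sample records are constructed for illustration.

```python
from datetime import datetime, timedelta

MAX_IDLE_LOCK_MIN = 15                 # log off or screensaver in 15 or fewer minutes
MAX_DEPROVISION = timedelta(hours=24)  # remove access within 24 hours of departure

# Constructed sample records; hosts, users and field names are hypothetical.
WORKSTATIONS = [
    {"host": "ws-frontdesk-01", "idle_lock_min": 10, "av_user_can_disable": False},
    {"host": "ws-nurse-02", "idle_lock_min": 30, "av_user_can_disable": False},
    {"host": "ws-billing-03", "idle_lock_min": None, "av_user_can_disable": True},
]
T0 = datetime(2024, 3, 1, 9, 0)  # constructed termination time
ACCOUNTS = [
    {"user": "asmith", "enabled": True, "terminated_at": None},
    {"user": "bjones", "enabled": True, "terminated_at": T0},
    {"user": "clee", "enabled": False, "terminated_at": T0, "disabled_at": T0 + timedelta(hours=48)},
    {"user": "dkim", "enabled": False, "terminated_at": T0, "disabled_at": T0 + timedelta(hours=2)},
]

def audit_workstations(workstations):
    """Return (host, finding) pairs for lock-timeout and anti-virus settings."""
    findings = []
    for ws in workstations:
        idle = ws.get("idle_lock_min")
        if idle is None:
            findings.append((ws["host"], "no idle lock configured"))
        elif idle > MAX_IDLE_LOCK_MIN:
            findings.append((ws["host"], f"idle lock {idle} min exceeds {MAX_IDLE_LOCK_MIN}"))
        if ws.get("av_user_can_disable", True):  # unknown counts as a finding
            findings.append((ws["host"], "user can turn off anti-virus"))
    return findings

def audit_accounts(accounts, now):
    """Return (user, finding) pairs for access not removed within 24 hours."""
    findings = []
    for acct in accounts:
        term = acct.get("terminated_at")
        if term is None:
            continue  # current employee
        if acct["enabled"]:
            if now - term > MAX_DEPROVISION:
                findings.append((acct["user"], "still enabled more than 24h after departure"))
        elif acct.get("disabled_at") and acct["disabled_at"] - term > MAX_DEPROVISION:
            findings.append((acct["user"], "disabled later than 24h after departure"))
    return findings

if __name__ == "__main__":
    for item in audit_workstations(WORKSTATIONS) + audit_accounts(ACCOUNTS, T0 + timedelta(days=3)):
        print(*item, sep=": ")
```

In practice the two record lists would be exported from your endpoint-management and HR or directory systems, and the findings reviewed on the same schedule as the audit logs.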
Train Your Employees
Employees cause more than half of all breaches. Therefore, they need to understand their role in keeping workstations secure. Train them on security best practices to help reduce risk in your organization.
One way to inform your staff is by sending security reminders. Not only are security reminders required by HIPAA, but they are also good training tools. Here are some ways you can remind your staff about workstation security:
- Place a poster or flyer in common areas, such as a break room.
- Send short emails or memos.
- Hold regular staff meetings.
- Create screensaver messages.
Security reminders don’t have to be a chore. Using HIPAAtrek, you can create custom reminders and schedule when they are sent to your staff. Furthermore, HIPAAtrek sends automatic reminders about login monitoring, password management, and malicious software to help make security a priority on your team. For more information, contact HIPAAtrek at firstname.lastname@example.org.