How to Secure Your Workstations

A vital step to protect patient information is to secure the tools you use to access, store, and transmit that information. Workstations are a major access point to your organization’s electronic protected health information (ePHI). Therefore, if you don’t properly secure your workstations or train your staff to use them securely, your workstations could become a liability.

Set Workstation Safeguards

You can secure your workstations with a few simple steps:

  1. Enable access control to restrict who or what can access ePHI.
  2. Set workstations to log off or switch to a screensaver after 15 minutes or less of inactivity.
  3. Patch software regularly to improve security, which will help prevent breaches.
  4. Disable the option for employees to turn off anti-virus software.
  5. Use enterprise-level (not personal) anti-malware software.
  6. Remove an employee’s access to your network and programs within 24 hours of resignation or termination.
  7. Position workstations so the public can’t see them.
  8. Set physical safeguards, such as attaching laptops to the desk.
  9. Use automated tools to audit workstations, and review the audit logs regularly.
  10. Keep an inventory of all hardware and its movement within your facility.

Although HIPAA requires other safeguards for workstation access and use, this is a good place to start.
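
As an added example (not part of the original article or of any HIPAAtrek product), the following Python sketch shows how items 2, 4, and 6 above could be checked automatically against exported records. The record layouts, field names, hosts, and users are constructed assumptions, not a real inventory or HR export format.

```python
from datetime import datetime, timedelta

MAX_LOCK_MINUTES = 15                   # item 2: lock in 15 minutes or less
MAX_DEPROVISION = timedelta(hours=24)   # item 6: remove access within 24 hours

# Constructed sample records; field names are assumptions, not a real export format.
WORKSTATIONS = [
    {"host": "front-desk-01", "lock_minutes": 10, "av_user_can_disable": False},
    {"host": "nurse-station-02", "lock_minutes": 30, "av_user_can_disable": False},
    {"host": "billing-03", "lock_minutes": 0, "av_user_can_disable": True},  # 0 = never locks
]
OFFBOARDING = [
    {"user": "asmith", "separated": "2024-06-01T17:00", "access_removed": "2024-06-02T09:00"},
    {"user": "bjones", "separated": "2024-06-01T17:00", "access_removed": "2024-06-03T10:00"},
    {"user": "clee", "separated": "2024-06-02T12:00", "access_removed": None},
    {"user": "dkim", "separated": "2024-06-03T16:00", "access_removed": None},
]

def audit_workstation(ws):
    """Return findings for items 2 and 4 on one workstation record."""
    findings = []
    lock = ws.get("lock_minutes")
    if lock is None or lock <= 0 or lock > MAX_LOCK_MINUTES:
        findings.append("auto-lock disabled or longer than 15 minutes")
    if ws.get("av_user_can_disable", True):   # unknown is treated as a failure
        findings.append("user can turn off anti-virus")
    return findings

def audit_offboarding(rec, now):
    """Return a finding if access outlived separation by more than 24 hours."""
    separated = datetime.fromisoformat(rec["separated"])
    removed = rec.get("access_removed")
    end = datetime.fromisoformat(removed) if removed else now
    if end - separated <= MAX_DEPROVISION:
        return None   # removed in time, or still inside the 24-hour window
    return "access removed late" if removed else "access still active after 24 hours"

def run_audit(workstations, offboarding, now):
    """Map each host or user with at least one finding to its list of findings."""
    report = {}
    for ws in workstations:
        if (found := audit_workstation(ws)):
            report[ws["host"]] = found
    for rec in offboarding:
        if (found := audit_offboarding(rec, now)):
            report[rec["user"]] = [found]
    return report

if __name__ == "__main__":
    for name, found in run_audit(WORKSTATIONS, OFFBOARDING, datetime(2024, 6, 4, 9, 0)).items():
        print(f"{name}: {'; '.join(found)}")
```

Running a check like this on a schedule and reviewing its output also supports item 9, since each finding names the workstation or account that needs follow-up.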

Train Your Employees

Employees cause more than half of all breaches. Therefore, they need to understand their role in keeping workstations secure. Train them on security best practices to help reduce risk in your organization.

One way to inform your staff is by sending security reminders. Not only are security reminders required by HIPAA, but they are also good training tools. Here are some ways you can remind your staff about workstation security:

  • Place a poster or flyer in common areas, such as a break room.
  • Send short emails or memos.
  • Hold regular staff meetings.
  • Create screensaver messages.

Security reminders don’t have to be a chore. In the HIPAAtrek, Inc. software, you can create custom reminders and schedule when they are sent to your staff. Furthermore, HIPAAtrek sends automatic reminders about login monitoring, password management, and malicious software to help make security a priority on your team. For more information, contact HIPAAtrek at
