This policy is listed for reference only and should be reviewed with your lawyer before implementing it into daily practice. We are not lawyers and are not providing any legal advice.

Workstation Security (Required)

Reference: 45 CFR § 164.310 (c)
Last Updated: October 24, 2024

Purpose

Goal: Review and define what the organization should do to prevent unauthorized physical access to workstations while ensuring that authorized users have access.

The purpose of this policy is to implement physical safeguards for all workstations that access ePHI while limiting users’ access to authorized areas.

Policy

Procedure: Employees will have access to secure workstations containing computer terminals with physical safeguards to minimize the possibility of unauthorized observation or access to protected health information (PHI). Areas where sensitive information is regularly entered or utilized will be secured using barriers to prevent public viewing of PHI during normal working hours. Wherever feasible, these areas will be locked when not in use. Printers and fax machines will be located in the most secure areas available, and will not be located in or near areas frequented by individuals or the public.

  • Computer screens at each workstation must be positioned so that only authorized users at that workstation can read the display. When screens cannot be relocated, filters, hoods, or other devices may be employed.
  • Computer displays will be configured to go blank, or to display a screen saver, when left unattended for more than a brief period of time. The period of time will be determined by the Privacy and Security Officers. Wherever practicable, reverting from the screen saver to the display of data will require a password.
  • Computer screens left unattended for longer periods of time will log off the user. The period of time will be determined by the Privacy and Security Officers.
  • Data at rest on portable devices such as laptops shall be encrypted.