This policy is listed for reference only and should be reviewed with your lawyer before you implement it in daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Workstation Use: Personal Digital Assistants (PDAs)

Reference: 45 CFR § 164.310
Last Updated: July 5, 2023


Goal: Define what the organization should do to appropriately monitor and control access to information on PDAs.

The purpose of this document is to set policy on the use of PDAs and associated personal computing devices that connect to network automated information systems (AIS).


Procedure: PDAs have the potential to provide business process improvements through the elimination of double entries of information ordinarily shared between PCs and PDAs. Approval of PDAs or similar equipment must be obtained in advance from the Security Manager and the individual’s.

  • PDA users must sign a PDA Agreement prior to accessing or storing any business information on the PDA.
  • PDA users must follow the security measures stated in this policy:
  • Use only commercially-produced applications or applications developed by trusted sources.
  • A PDA may not be used to enter passwords, combinations, PINs or classified information.
  • With regard to PDA remote connectivity features:
    • Allow no upload/download via wireless or infrared while connected to a desktop PC, particularly a networked PC.
    • Use infrared only for authorized Palm to Palm data transfers.
  • PDAs may be used to carry data from a desktop workstation. This includes carrying schedules, contact information, notes, e-mail and other items from Microsoft Outlook.
  • PDAs may be used to take notes, save information or write e-mails while away from a desktop PC, whether down the hall or out of the office.
  • PDAs may be used to synchronize information with your desktop workstation using direct-connect cables or via an authorized infrared port.
  • PDAs may connect to synchronize files between an authorized PDA and the designated PC or designated infrared port specified in enclosure.
  • PDAs will be secured when not in use.
  • PDAs will not be:
    • Used with commercial Internet Service Providers.
    • Used with modems to exchange information with your desktop or other systems on the network.
    • Used to synchronize files or devices across the network. All network synchronization features will be disabled before connecting to the network.
    • Used to arbitrarily download and load freeware or shareware software or enhancements. Such software is from untrustworthy sources and may contain malicious code.
    • Left unattended when attached to a computer.

All personally owned PDAs will conform to this policy. Failure to comply with this policy may result in disciplinary action, including but not limited to immediate termination.
