This policy is listed for reference only and should be reviewed with your lawyer before implementing them into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Workstation Use: Remote Access & Work at Home

Reference: 45 CFR § 164.310
Last Updated: July 5, 2023


Goal: Define what the organization should do to appropriately protect remote workstations.

The purpose of this policy is to specify the proper functions to be performed, the manner in which those functions are to be performed and the physical attributes of the surroundings of a specific workstation that is not located in the confines of the main office.


Procedure: Remote Access and work at home provides employees the opportunity to work part of the week (generally on a regular basis) at an alternative work site away from the main work site. The alternative work site may be the employee’s home or a satellite office.

  • No information shall be removed from the office without the approval of the Security Manager and the individual’s supervisor.
  • Directors/Supervisors are required to maintain a record of the number of employees who undertake approved telework and the information accessed.
  • The opportunity to participate in telework is offered with the understanding that it is the responsibility of the employee to ensure that a proper work environment is maintained (e.g. security policies must be followed).
    • The employee and his/her family should understand that the home worksite is just that, a space set aside for the employee to work.
    • The security requirements prescribed in the office’s policy apply to all employees who telework,
  • Records subject to the Privacy Act may not be disclosed to anyone except those authorized access as a requirement of their official responsibilities.
  • Supervisors should ensure that appropriate physical, administrative, and technical safeguards are used to protect the security and confidentiality of such records used at home or satellite offices.
  • Supervisors should revise their record system procedures as necessary to indicate that off- site system location is authorized.
  • All files, records, papers, or machine-readable materials created while teleworking are our property.
  • Teleworkers are responsible for the security of all official data at the alternative worksite.
  • Supervisors should ensure that equipment assigned to teleworkers is properly accounted for.
  • Employee must protect all furnished equipment and software from possible theft and environmental damage. In cases of damage to unsecured equipment by non-employees, the employee will be held liable for repair or replacement of the equipment or software.
  • Employees are prohibited from using telework equipment for personal use.
Simplify Your Compliance with
Software and Guided Coaching
Let your patients and clients know that you take HIPAA seriously with the HIPAA Seal of Compliance for your website, storefront, and marketing materials.

Get instant access to HIPAA Compliance News and Updates

You'll get your first checklist as soon as you sign up!

overlapping hands

Our Mission

To safeguard medical data by providing secure, reliable, and fully HIPAA-compliant hosting solutions, enabling healthcare professionals to focus on their primary mission of providing care.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram