Overview:
Implement physical safeguards for all workstations that access electronic protected health information, to restrict access to authorized users.
Action Items:
1) Obtain and review policies and procedures related to workstation security. Evaluate the content in relation to the specified criteria for security measures and guidance on how to implement and maintain physical security and how physical access to workstations that access EPHI is restricted to appropriate personnel.
2) Obtain and review documentation demonstrating workstation security policies and procedures being implemented. Evaluate and determine if implementation is appropriate and is in accordance with related policies and procedures.
Related Documents:
1) Policies and procedures related to workstation security.
2) Documentation demonstrating workstation security policies and procedures being implemented.
Additional Guidance:
While the Workstation Use standard addresses the policies and procedures for how workstations should be used and protected, the Workstation Security standard addresses how workstations are to be physically protected from unauthorized users.
Covered entities may implement a variety of strategies to restrict access to workstations with EPHI. One way may be to completely restrict physical access to the workstation by keeping it in a secure room where only authorized personnel work.
As with all standards and implementation specifications, what is reasonable and appropriate for one covered entity may not apply to another. The risk analysis should be used to help with the decision-making process.
Sample questions for covered entities to consider:
- Are physical safeguards implemented for all workstations that access EPHI, to restrict access to authorized users?
- Have all types of workstations that access EPHI been identified, such as laptops, desktop computers, and personal digital assistants (PDAs)?
- Are current physical safeguards used to protect workstations with EPHI effective?
- Are additional physical safeguards needed to protect workstations with EPHI?
Article ID: 469
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/hipaa-workstation-security-164-310-c-469.html