The HIPAA Security Rule requires practices to protect patients’ health information by establishing physical safeguards such as the following:
• Tweak your office layout. For example, if unauthorized individuals could see protected health information on a monitor through an office window, consider repositioning the computer to prevent that from happening.
• Protect workstations. In exam rooms, nurses’ stations, and other easily accessible areas, require staff members to log off after a specific amount of time to prevent protected health information from being left unattended.
• Establish device and electronic media controls. Because thumb drives, laptops, smartphones, and tablets are easy to move in and out of a practice, they can be a significant security risk. Therefore, practices must have policies and procedures in place to protect the information stored on these devices, such as requiring password protection and limiting who is permitted to use these devices.
Adapted from “The HIPAA Security Rule: Are You in Compliance?”
Sign up to receive FPM's free, weekly e-newsletter, "Quick Tips & Insights," featuring practical, peer-reviewed advice for improving practice, enhancing the patient experience, and developing a rewarding career.