The 4 Standards for HIPAA’s Physical Safeguards

Posted September 28, 2016

HIPAA’s definition of Physical Safeguards: “Administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.” (HHS.gov)

Standard #1: Facility Access Control limits the physical access one has to ePHI and where it is housed.

  • Establish Contingency Operations to maintain physical security and appropriate access in the event of disaster or emergency.
  • Create a Facility Security Plan documenting the safeguards protecting the facility and ePHI from unauthorized physical actions.
  • Have Access Control and Validation Procedures to control and validate a person’s access based on their role or function.
  • Keep Maintenance Records to record any physical changes to security (including, but not limited to, repairs and removals).

Standard #2: Workstation Use and the behavior permitted on workstations must be addressed and documented. This helps Covered Entities ensure their employees’ workstations are physically and virtually safe.

Standard #3: Workstation Security must also be addressed to specify how the workstation will be physically protected from unauthorized users.

Standard #4: Device and Media Controls require that any item storing electronic information be properly handled, documented, saved, disposed of and accounted for. Specifications include:

  • Disposal – Address procedures on how to properly dispose of or destroy devices bearing ePHI.
  • Media Re-Use – Make sure that ePHI is completely removed before the media is used for another purpose.
  • Accountability – Keep documentation on the hardware’s whereabouts and information identifying the one responsible.
  • Maintain Data Backup and Storage because updated and accurate ePHI must be accessible on demand.

This sums up another 17 pages or 1/3rd of the HIPAA Security Rule!
