Health Information Compliance Alert
Protect PHI With Automatic, Locked Screensavers
PDF
Question: Our IT department wants to require that each workstation's password-protected screensaver come on after one minute of inactivity. However, our clinic staff believes this will impede their work. Does this security rule require that screensavers launch this quickly? New Mexico subscriber Answer: "No," the security rule leaves it up to you to decide how you'll protect patient information on computer screens, says C. Jon Burke, a security expert with Toshiba America Medical Systems in California. Try this: Observe how often staff members are away from their workstations. If the average time spent away is three minutes, you must determine how likely it is that in those three minutes an unauthorized viewer could access that machine, Burke notes. In a high traffic area, three minutes might be plenty of time for someone to get their hands on patient data; in a low traffic area, it could be much harder. You can set different timeframes for those in the high-risk areas than those in the low-risk areas, Burke suggests. Or, you could settle upon a more convenient length of idle time before the password-protected screensaver comes on, such as two minutes. The bottom line: As with all aspects of the security rule, your risk assessment will determine what policies and procedures you use to protect patients' PHI. And you may decide that you are willing to accept the risk posed by allowing staffers to set their screensavers to launch after a period more convenient for their job function, Burke says.
Health Information Compliance Alert
- Compliance Update:
OIG Calls for Crackdown on Faulty HIPAA Security
Prepare for scrutiny of your security practices in 2009. Now's not the time to let [...] - Compliance Update:
CMS Outlines E-prescribing Initiative in 2009 Physician Fee Schedule
Final Rule also spruces up PQRI incentives. Times are changing, and physicians and need to [...] - Security:
Know What Contract Best Protects
When do TPAs fit better than BAAs? The answer may surprise you. A business associate [...] - Security Compliance:
You Can Safely Send Instant Messages --" Here's How
Think sending instant messages will shut down your systems? Think again. Allowing your employees to [...] - Security Strategies:
Don't Let an Emergency Wipe Out Your Security Compliance
Create a contingency plan that will prepare your staff members to handle any disaster. Don't [...] - Clip 'N' Save:
Use This Tool to Ensure Correct Documentation
Hold on to this information or kiss your security compliance goodbye. If you can't rattle [...] - Security Tip:
Prepare to Accept These IM Security Risks
Your firewall won't catch viruses sent via an instant message. Instant messaging can streamline your [...] - You Be The Security Expert:
Are We Violating Patient Privacy When We Call the Police?
Question: Our front line staff are excellent at calming upset patients, but recently one client [...] - Reader Questions:
Protect PHI With Automatic, Locked Screensavers
Question: Our IT department wants to require that each workstation's password-protected screensaver come on after [...] - Reader Questions:
Don't Withhold Patients' Medical Records
Question: A few of our patients have asked for a full, unedited copy of their [...]