Medicare Compliance & Reimbursement

HIPAA:

Experts Reveal How To Keep Security-Rule Violations At Bay

5 easy ways you can batten down your workstations' hatches.

Even the most advanced internal security controls won't mean a thing if you haven't secured your organization's computers from external threats. Here's help you can put to good use now to keep your workstations--and your patients' protected health information (PHI)--out of the wrong hands.

1. Lock Up Your Hardware

The simplest way to ensure no one tampers with your organization's computers is also the easiest: "Close your doors and lock them" when you are at work and when you step away from your computer, recommends Rick Ensenbach, senior security consultant with Shavlik Technologies in Roseville, MN.

Not only will this keep people from walking in and seeing what you're looking at, it will also protect any confidential information you've got lying on your desk, Ensenbach notes.

Tip: Thwart hardware thieves by asking your IT department to lock down all workstations with cables, suggests Scott Supman, information security director at OhioHealth in Columbus.

2. Save Your Screens

Even the most outdated operating systems are equipped with screensavers. For workstations that can't be turned away from public view, set the screensaver to come on after a specific period of inactivity, Ensenbach suggests.

Rule of thumb: The strictest security experts call for a five-minute lapse in activity before the screensaver comes on, but if your risk assessment allows it, you can shoot for a lenient 10-minute time frame, he says.

Tip: For computers with only one user--think the billing office or reception desk--password-protect the screensaver. That way, once the screensaver comes on, no one except those with the password can access information from that workstation, explains Shenethia Jones, security officer for Texas Health Resources in Arlington.

Good idea: Password-protected screensavers don't work as well in an environment where many users are sharing a station (e.g., the nurses' station or another clinical environment). Instead, try a single sign-on (SSO) method, Jones offers. With SSO, once the screensaver comes on, the original user is logged off and the next user can use her own information to access the system rather than trying to track down the first user, she says.

"We also use privacy screens in high-traffic areas" where it's hard to keep PHI on the computer screen out of public sight, Jones comments. Usually priced at less than $100 at any office supply store, privacy screens won't break your budget, experts assure.

3. Always Log Out Of Your Systems

"Your staff members shouldn't stay logged on to a system that accesses PHI when they're going to be away from the computer" for a while, Ensenbach says.

Tip: Make sure "all users log out and shut down their computers at the end of each day," Jones adds.

Though you [...]