OSHA & HIPAA Compliance Made Easy
OSHA & HIPAA Compliance Made Easy
With 25+ years of OSHA experience and one of the nation's only Certified HIPAA Professionals, Smart Training makes compliance not only manageable but easy! We want to address your concerns, so comment and have your questions answered by the experts!
Smart Training

How To Protect Patient Data Part 3: HIPAA's Physical Safeguards

How To Protect Patient Data Part 3: HIPAA's Physical Safeguards

9/18/2017 9:09:02 AM   |   Comments: 0   |   Views: 85
The HIPAA Security Rule defines physical safeguards as “physical measures, policies and procedures to protect electronic information systems from natural and environmental hazards and unauthorized intrusion.”

In 2012, when Hurricane Sandy breached lower Manhattan, officials estimated that fewer than 1 in 5 healthcare offices had backup systems in place, even though the law had required backups as part of the Contingency Plan requirements for the past several years.  We’re seeing much the same result in the Houston area following Hurricane Harvey … about 1 in 5 offices have a backup from which to restore data.

Also required, but seldom in evidence:  A facility security plan.  Procedures and physical protection must safeguard office computers and related equipment from damage or theft.  Still, about 1 in 5 Smart Training clients haven’t taken any action to secure their server from theft.  This is especially important in the dental field because many popular operating software suites will not allow the office to encrypt server hard drives.  If the server is stolen and the drive is unencrypted, as it often is, the office has sustained a serious data breach and substantial fines may follow.

Quite often, system passwords haven’t been changed in several years, meaning that recently terminated employees may have shared active passwords with the rest of the local community.  The fact that former employees have signed an Employee Privacy Policy does not safeguard the practice from a disgruntled former employee sharing system login information with others who should not have access to patient data.

Access control and validation procedures are often overkill for smaller offices, but they provide a reminder to ensure that visitors who access treatment areas for maintenance or other routine work should sign the Visitor Privacy Policies Smart Training clients receive.  

Workstation use and security are key concerns.  Workstations should be inaccessible to patients in operatories, and workstation screensavers frequently are set to a far longer interval than we advise.  In a dental office, for example, an assistant or hygienist might leave the room with a patient in the chair.  The patient then has the opportunity to access patient information on the office system.

Smart Training’s HIPAA Risk Assessment process was designed specifically to provide a birds’ eye view of physical safeguards in place.  Unfortunately, we still see too many offices with at least one – and often, several – major vulnerabilities.  Until these are addressed, both practice and practitioners are at risk; patient privacy is serious business.
Get Professional HIPAA Tools For Your Office!
More Like This

Total Blog Activity

Total Bloggers
Total Blog Posts
Total Podcasts
Total Videos


Site Help

Sally Gross, Member Services
Phone: +1-480-445-9710
Email: sally@farranmedia.com

Follow Hygienetown

Mobile App



9633 S. 48th Street Suite 200 • Phoenix, AZ 85044 · Phone: +1-480-598-0001 · Fax: +1-480-598-3450
©1999-2019 Hygienetown, L.L.C., a division of Farran Media, L.L.C. · All Rights Reserved