Under HIPAA, specific procedures and physical protection must safeguard office computers and related equipment from damage or theft. About 1 in 5 Smart Training clients haven’t taken any action to secure their server from theft. This is especially important because many popular operating software suites will not allow the office to encrypt server hard drives. If the server is stolen and the drive is unencrypted, the office has sustained a serious data breach and substantial fines may follow. The same penalties may apply to offices that sustain a ransomware attack. Unless the office can prove a ‘low probability’ that patient data was actually accessed, the attack is considered a breach under HIPAA.
Workstation use and security are key concerns. Workstations should be inaccessible to patients, and workstation screensavers frequently are set to a far longer interval than we advise. In a dental office, for example, an assistant or hygienist might leave the room with a patient in the chair. The patient then has the opportunity to access patient information on the office system.
The HIPAA Security Rule defines physical safeguards as “physical measures, policies and procedures to protect electronic information systems from natural and environmental hazards and unauthorized intrusion.” Smart Training’s HIPAA Risk Assessment process was designed specifically to provide a birds’ eye view of physical safeguards and procedures already in place.
Get your HIPAA Risk Assessment Now!