Physical Safeguards for HIPAA Compliance

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow

While it’s easy to get caught up in the many, many words of policies and procedures, how your space physically looks and functions is just as important. The HIPAA Security Rule spells out physical safeguards of its own (45 CFR 164.310: facility access controls, workstation use, workstation security, and device and media controls), and they play a vital role in achieving compliance and keeping sensitive data out of the wrong hands. Let’s look at six safeguards with a physical component that every healthcare practice should consider implementing.

Limited Access

Access to areas where PHI is stored or accessed should be limited to authorized personnel only. This means securing rooms, file cabinets, and other storage areas with locks, access controls, or security systems, and keeping track of who holds keys and access cards. It’s essential to ensure that only those who need access to patient data have it. PHI, whether printed charts, faxes, or an unlocked screen, should never be left out on desks or in other open areas where patients, vendors, or cleaning staff can see it.

Workstation Security

Workstations that are used to access or store PHI should be secured when not in use. This includes locking computer screens (ideally automatically after a short period of inactivity, so the safeguard does not depend on staff remembering to do it), logging off shared computers, positioning screens so they are not visible from waiting rooms or hallways, and keeping laptops and tablets either with their user or locked away. These security measures will help prevent unauthorized access and ensure that patient data remains confidential.
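Automatic locking is the one part of workstation security that can be enforced centrally rather than left to habit. The script below is an added example, not from the original article or from HIPAA Secure Now!, that audits a Windows workstation for an enforced inactivity lock and a password-protected screen saver, and sets the machine-wide inactivity limit if it is missing. The 15-minute threshold is a value chosen for this example; neither the article nor the Security Rule text specifies a number, so use the limit your own risk analysis settles on. The registry values used are the ones behind the "Interactive logon: Machine inactivity limit" security option and the per-user screen saver settings.

```powershell
# Added example (not part of the original article): audit and enforce an
# automatic screen lock on a Windows workstation.
# Assumption: 900 seconds (15 minutes) is an example threshold, not a figure
# from the article or the HIPAA rule. Run elevated to write the HKLM value.

$MaxIdleSeconds = 900

# Machine-wide policy: "Interactive logon: Machine inactivity limit"
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'InactivityTimeoutSecs'

function Get-InactivityLimit {
    # Returns the configured machine inactivity limit in seconds, or $null if unset.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$PolicyName
}

function Test-ScreenLockPolicy {
    param([int]$MaxSeconds = $MaxIdleSeconds)

    # 1. Machine policy: must be set, non-zero (0 disables it) and within the limit.
    $limit = Get-InactivityLimit
    $machineOk = ($null -ne $limit) -and ($limit -gt 0) -and ($limit -le $MaxSeconds)

    # 2. Per-user screen saver as a second line of defence. Note: this reads the
    #    profile of the user running the script, which under an elevated admin
    #    session may not be the clinical user's profile.
    $desk = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
    $saverOk = $false
    if ($null -ne $desk -and $desk.ScreenSaveTimeOut) {
        $saverOk = ($desk.ScreenSaveActive -eq '1') -and
                   ($desk.ScreenSaverIsSecure -eq '1') -and
                   ([int]$desk.ScreenSaveTimeOut -le $MaxSeconds)
    }

    return [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        MachineInactivityLimit = $limit
        MachinePolicyOk       = $machineOk
        UserScreenSaverOk     = $saverOk
        Compliant             = ($machineOk -or $saverOk)
    }
}

function Set-InactivityLimit {
    param([int]$Seconds = $MaxIdleSeconds)
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $PolicyName -Value $Seconds `
        -PropertyType DWord -Force | Out-Null
}

$result = Test-ScreenLockPolicy
$result | Format-List

# Enforce the machine-wide limit when it is absent or too long. The machine
# policy is preferred over the screen saver because users cannot turn it off.
if (-not $result.MachinePolicyOk) {
    Set-InactivityLimit -Seconds $MaxIdleSeconds
    Write-Output "Set $PolicyName to $MaxIdleSeconds seconds; takes effect at next logon."
}
```

In a domain, the same value is normally pushed by Group Policy (Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options), and this script then serves as the spot check that the policy actually landed on each machine. Keep the audit output as evidence for your risk analysis records.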

Facility Access Controls

Access to the practice facility should be limited and monitored. This includes using badges or key cards to gain access to the facility, escorting and logging visitors, promptly revoking badges and keys when staff leave, and keeping records of repairs to doors, locks, and alarms. By monitoring facility access, you can prevent unauthorized access to sensitive patient data and show, after an incident, who was in the building and when.

Disaster Recovery Plan

A disaster recovery plan should be in place to ensure that PHI is protected in the event of a natural disaster or other emergencies. Strictly speaking, the Security Rule files the contingency plan under its administrative safeguards, but its physical pieces (backup media stored off site, a procedure for getting into the facility to restore systems, alternate work locations) are part of facility access and device and media controls. This includes backing up electronic PHI and testing that the backups can actually be restored, making a plan for alternate locations, and ensuring that necessary equipment and supplies are available. By having a disaster recovery plan in place, you can ensure that your patient data remains safe and accessible, even in an emergency.

Equipment and Media Control

Equipment and media that contain PHI, such as computers, hard drives, disks, and USB sticks, should be physically secured when not in use. This includes locking them up or storing them in a secure location, and keeping a record of where each device is and who is responsible for it as it moves in and out of the practice. Before a device or disk is disposed of, returned to a vendor, or reused, the PHI on it must be wiped or the media physically destroyed; a returned copier or a donated PC with an intact hard drive is a breach waiting to happen. By implementing these measures, you can ensure that patient data remains secure and is not accidentally exposed or lost.

Workforce Clearance

Prior to allowing access to PHI, employees should be screened to confirm that the access is appropriate for their role. This is formally an administrative safeguard (workforce clearance), but it decides who gets the keys, badges, and logins that the physical controls above depend on. Common screening steps include background checks, reference checks, and verifying any required licenses, along with ensuring that new hires complete HIPAA training before they touch patient data. By doing so, you can ensure that your workforce is trustworthy and knowledgeable about HIPAA compliance.

These safeguards should be tailored to the size and complexity of the practice and the sensitivity of the PHI involved, and the reasoning behind each choice should be written down in your risk analysis. By implementing these physical safeguards, you are protecting not only PHI but your business. Remember, a little prevention can go a long way in safeguarding your practice against HIPAA violations and other data breaches.

This article was originally published on HIPAA Secure Now! and is republished here with permission.