Kentucky RHIO

June 15, 2016

Part II: “How Can We Be Compromised?” – HIPAA Security, Physical Safeguards

Workstation Use

In Part II of our HIPAA Security breakdown, we’ll be talking about the next portion of Physical Safeguards, Workstation Use. Workstation Use (Standard §164.310(b)) may be the most dynamic piece of HIPAA’s Security Rule, at least as far as physical security is concerned, while being the shortest in length! HIPAA defines a workstation in the Final Rule as “a laptop or desktop computer, or any other device that performs similar functions, and electronic media stored in its immediate environment.” As it stands, almost every computer you will ever access is a workstation.

Throughout the day in a healthcare organization, nearly every employee comes into contact with confidential PHI in some form. For those who access such data electronically – or have the potential to – Workstation Use is a vital set of policies to implement. PHI can be compromised on any workstation in use, through several potential threats or vulnerabilities. By creating and enforcing these policies and procedures, you can minimize the inherent risk of accessing PHI electronically.

You may be thinking, “How can we be compromised? The computers are in the office, where no one else has access!” or “I don’t think we need a policy that tells people what websites they can’t visit!” While those examples may seem like common sense, HIPAA requires the policies be in place nonetheless, and for good reason.

Whether it be as innocent as an employee curiously clicking a Facebook link, following a pop-up ad, or even just downloading a file they believed to be safe, the potential for malware to infect your computer isn’t negligible. A simple key-logger could record every single keystroke typed on a machine, compromising any patient data entered from the point it started onwards. The recent rise of ‘Ransomware’ presents another cause for concern. A single email attachment or wrongfully trusted file and your entire database could be lost. Even leaving a computer logged in and unattended poses a risk of unauthorized access to information.

These scenarios are the reason why Workstation Use, coupled with Part III’s topic of Workstation Security, is key. Bring together a taskforce to construct policies and procedures that reinforce the security of your practice’s PHI. Set a policy that requires logging off prior to stepping away from a workstation, as well as one that ensures usernames and passwords aren’t kept in a noticeable place. Another policy might detail monitor position so that visitors and patients do not have a line of sight to PCs with PHI. Requiring privacy filters might even be a possibility.

Use the eyes of an outsider.

From the time you (or they!) walk into your clinic and up to the front desk to schedule an appointment, to the point of seeing the providers themselves, have you left any PHI or security-compromising information visible? From there, transition into the ways in which it can be prevented based on what you’ve seen.

Security is an ever-changing obstacle, and our goal at NeKY RHIO is to assist you in meeting and surpassing HIPAA requirements. If you’re curious as to how your clinic or healthcare organization is currently handling its Information Technology security, as well as HIPAA’s Security Rule in general, we can help.

  • © 2025 Kentucky Rural Health Information Organization