HealthITSecurity recently wrote an article on the need to increase the level of physical safeguards in order to be compliant with the HIPAA Security Rule standards. This article followed recent examinations of administrative safeguards and technical safeguards, both of which are also worth a read.
In its review of the HIPAA standards for physical safeguards, the article looks at the ongoing battle healthcare organizations have had with these safeguards. The number of laptop thefts in the healthcare industry attests to this ongoing issue.
The article looks at all of the physical safeguards required under HIPAA, from facility access controls and workstation use and security to device and media controls, which is an area where we specialize. Covered entities must form policies and procedures that govern the “receipt and removal of hardware and electronic media that contain electronic protected health information into and out of a facility, and the movement of these items within the facility.” This includes finding appropriate methods to dispose of hardware, software and patient data and determining who’s responsible for that disposal.
As outlined in the article and on the HIPAA standards website, it’s important to ask key questions: How are hardware and software tracked? If employees are allowed to remove devices that contain or can connect to ePHI, how are these devices tracked?
Absolute Software is the industry standard in persistent endpoint security and management solutions for computers, laptops, tablets and smartphones. We have been providing healthcare organizations with solutions to track, manage and secure their IT endpoints, and the data they contain, since 1993. Absolute Computrace allows healthcare organizations to remotely engage with devices so that data can be safeguarded or removed, with audit logs to prove compliance. Learn more about our healthcare solutions here.