HIPAA requires your office to protect the confidentiality, integrity and accessibility of patient information. To accomplish this, you must address the technical, administrative and physical risks to this information. While offices are making the transition to the cloud, you should not slack off on physical security, including office access controls.
The August 2024 advisory by HHS’ Office for Civil Rights reports that from 2020-2023 the information of over 1 million individuals was breached as a result of stolen equipment and devices containing ePHI. These breaches were frequently attributed to burglaries. Break-ins and stolen or damaged equipment may leave your office unable to utilize the tools required to access information or provide timely treatment.
There are four implementation specifications published in the HIPAA regulations.
Contingency Operations
How will your office respond to an emergency or event that damages systems containing ePHI (e.g. natural disasters, burglaries, hacking)? It is important to consider who should have access to the ePHI (and what devices they need to access it) and what measures will be taken to ensure physical security.
In your plan, you should account for how natural disasters and other emergencies can affect your ability to access the physical premises (and the devices in the office).
Facility Security Plan
What tools are in place to ensure the security of the office? These can be security alarms, video monitoring, motion detectors, etc. If you rent or share the space with another entity, you should consider the facility security measures implemented by the third party, as they will impact your own security measures.
Access Control and Validation Procedures
Identify and track who has access to the premises. Also, track the devices in the office (computers, laptops, tablets, USB drives, external hard drives, copiers, printers, etc.). If devices are portable, such as those taken out of the office or moved between stations, develop a plan to monitor them.
Maintenance Records
Document repairs and other modifications made to the physical security features of the office (e.g. locks, doors, alarm system). This helps to ensure that you are maintaining the physical security of your office.
If you have questions or want to learn how to address physical security in your office, reach out to TLD Systems at info@tldsystems.com.