Estimated reading time: 1 minute, 51 seconds

The MultiStation Office & HIPAA Compliance

You may believe that once your servers are properly safeguarded you will be in HIPAA compliance. Unfortunately, in addition to ensuring that the servers in your  practice are protected from outside attacks you need to secure each individual workstation inside the practice. 


HIPAA regulations complicate matters by specifying that a workstation is not only a fixed location device. Instead, the regulations state that any tablet computers, PDA or other portable device employed by your staff requires it meet the HIPAA regulations.

This means that your staff needs to be well versed on what constitutes acceptable computer usage. You need to make sure your staff understands that they cannot download any new programs or install outside software onto the workstation, without approval. Furthermore, no workstations should be used for file sharing activities.

The staff should also be well versed in proper log off techniques to make sure the terminal doesn’t stay open allowing unauthorized access.

In terms of the password protection, you must make sure that the password cannot be by pass it. A log in screen serves no purpose if it can be bypassed. If the user doesn’t have the proper password, they should not be able to access the terminal.

As time consuming as it can be, making sure that all workstations contain the most recent update of anti virus programs and contain the most recent releases of the operating system are key to ensuring that the workstations remain secure.

Also, consider the physical location of the monitor. Anyone to the side or behind the monitor can have an unobstructed view of patient data.  It may be necessary to readjust the position of the various monitors throughout the practice.  

You should also consider whether the information on the monitor could be viewed as a reflection in a mirror or piece of glass located behind the monitor. This step may seem overly cautious but that is better then allowing personal data to be viewed by unauthorized persons.

For the portable devices, you must consider limiting what devices can leave the building. Those that do leave the building must be equipped with all the same safeguards as those that remain in the office.






Read 5002 times
Rate this item
(0 votes)
More in this category: « Revenue Cycle Management

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.