Physical Safeguards

EMR / EHR Frequently Asked Questions

Physical Safeguards Definition:

Physical Safeguards are a subset of the HIPAA Security Rule that governs your office’s ability to protect its ePHI from physical threats.
Physical Safeguards protect your office from unwanted access to your system. They also ensure that your practitioners can access ePHI in emergencies, so that you can continue to provide care when it’s needed most.

The following questions will help you determine if your office is following necessary Physical Safeguards:

  • Do I control how people access my medical facility?  Do I have locks, alarms, or guards protecting against unwanted entry?
  • Do I have a contingency plan to be able to access the needed ePHI in case of an emergency?  Do I know if my normal operations will change in an emergency?
  • Do I keep logs of my maintenance records so that I can track any changes to my physical security?
  • Will I know if an employee is using a workstation in an inappropriate manner?  Have I determined what proper workstation use is?
  • Do I dispose of my old ePHI workstations in a safe and secure manner?  If I donate my old equipment, do I ensure that it’s cleared of any sensitive data?

If the answer to any of these questions is ‘no’, then your practice is likely noncompliant.

While a Risk Assessment is an inherent part of complying with the Administrative Safeguards, it is also inherently necessary for complying with Physical Safeguards.  If you’re unaware of where your physical security falls short, then you can’t protect yourself sufficiently.


Physical Safeguard Standards

  • Facility Access Controls
  • Workstation Use
  • Workstation Security
  • Device and Media Controls

If you need to complete a Risk Analysis, or need to implement Physical Safeguards to be compliant, please contact us.


See Technical Safeguards, Administrative Safeguards