Physical Safeguards Definition:
Physical Safeguards are a subset of the HIPAA Security Rule that governs your office’s ability to protect its ePHI from physical threats.
Physical Safeguards protect your office from unwanted access to your system. They also ensure that your practitioners can access ePHI in emergencies, so that you can continue to provide care when it’s needed most.
The following questions will help you determine if your office is following necessary Physical Safeguards:
- Do I control how people access my medical facility? Do I have locks, alarms, or guards protecting against unwanted entry?
- Do I have a contingency plan to be able to access the needed ePHI in case of an emergency? Do I know if my normal operations will change in an emergency?
- Do I keep logs of my maintenance records so that I can track any changes to my physical security?
- Will I know if an employee is using a workstation in an inappropriate manner? Have I determined what proper workstation use is?
- Do I dispose of my old ePHI workstations in a safe and secure manner? If I donate my old equipment, do I ensure that it’s cleared of any sensitive data?
If the answer to any of these questions is ‘no’, then your practice is likely noncompliant.
While a Risk Assessment is an inherent part of complying with the Administrative Safeguards, it is also necessary for complying with the Physical Safeguards. If you’re unaware of where your physical security falls short, then you can’t protect yourself sufficiently.
Physical Safeguard Standards
- Facility Access Controls
- Workstation Use
- Workstation Security
- Device and Media Controls
If you need to complete a Risk Analysis, or need to implement Physical Safeguards to be compliant, please contact us.