In summary, HIPAA 164.310: Physical Safeguards (Part 164, Subpart C) requires the following:
- Implement policies and procedures to limit physical access to electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.
- Workstation use.
- Workstation security.
- Device and media controls.
- Other supporting security initiatives.
Therefore, covered entities, business associates and other relevant parties are to have comprehensive HIPAA policies and procedures in place addressing the aforementioned areas. As an employee of [company name], you have the right to request such documentation from authorized personnel to gain a greater understanding of HIPAA 164.310 and general best practices relating to the protection of electronic Protected Health Information (ePHI).
Note: You may notice that the wording in HIPAA is vague and general at times. What is important to note is that the aforementioned requirements are tailored to an organization's exact needs. Specifically, that means "policies and procedures" for a large, multi-chain health care provider would be vastly different from those for a small dentist office. HIPAA is also about scalability and flexibility, so please keep that in mind.
Download HIPAA Policies and Compliance Toolkits Today
hipaapoliciesandprocedures.com also offers industry-leading HIPAA toolkits for both Covered Entities (CE) and Business Associates (BA), consisting of high-quality security policies and procedures, training material, readiness checklists and templates, essential legal forms, a HIPAA-specific disaster recovery manual, and so much more. Learn about our industry-leading HIPAA compliance toolkits today.