There shall be physical safeguards to eliminate or minimize the possibility of unauthorized access to information.
To describe safeguards that each department will put in place to protect Personal Health Information (PHI) from accidental or intentional viewing at each workstation.
Secure Workstation Location Procedures
Department heads must perform an evaluation of each workstation and develop guidelines for the proper functions to be performed at that workstation, the manner in which the functions are to be performed, and the physical attributes of each workstation site. If the result of the evaluation determines that Personal Health Information (PHI) could possibly be displayed at a workstation, the following protections shall be applied, as appropriate:
Locate workstation in controlled access areas, or areas where there is minimal possibility of unauthorized personnel viewing screens or data.
Install covers of enclosures to preclude passerby access to protected health information.
Locate workstations in areas that are continuously monitored by cleared personnel when open for business and other wise securely locked and alarmed with a 24 hour monitoring system.
Request the Information Systems department to establish workstation inactivity timeouts.