Workstation Security

§164.310(c): Implement physical safeguards for all workstations that access electronic protected health information, to restrict access to authorized users.

Audit Inquiry

Does the entity have policies and procedures that document how workstations are physically restricted to limit access to only authorized personnel?

Does the entity workstations that access electronic protected health information restricted to authorized users?

Obtain and review policies and procedures related to workstation security. Evaluate the content in relation to the specified criteria for security measures and guidance on how to implement and maintain physical security and how physical access to workstations that access ePHI is restricted to appropriate personnel.

Obtain and review documentation demonstrating workstation security policies and procedures being implemented. Evaluate and determine if implementation is appropriate and is in accordance with related policies and procedures.

 Required/Addressable

Required