The most common vulnerabilities are unattended, logged-on workstations, confidential papers left on printers and fax machines, and exposed display screens on desktop workstations, rolling carts, and handheld devices (e.g. iPads).
Please ensure that any workstation visible to patients and/or other persons who are not employees is logged out, or that its screen is locked, before you walk away from it. Do this even if you walk away for one minute! Leaving a workstation unattended and unlocked is technically a HIPAA violation, and you can be held responsible for it, not to mention what our patients may think as they walk back to exam rooms and see workstations left unattended.
Locking your workstation is easy: just press Ctrl + Alt + Del on your keyboard and then select LOCK. Or, you can press the Windows key + L. Either method will take you back to the password screen, where you log back in.
A few facts about human error as it relates to negligence in the workplace are listed below for your reference. Empower yourself with the facts and DON’T BE A CONTRIBUTOR (or victim).
The HIPAA Security Rule requires that all devices with access to ePHI have HIPAA physical safeguards in place. This includes mobile devices such as laptops, smartphones, and tablets that can access, store, or transmit ePHI in any way.
In the past, violations of the HIPAA Security Rule Workstation Security Standard have led to settlements and HIPAA fines ranging from $250,000 to $3.9 million. HIPAA violations and their associated fines are often caused by health care professionals failing to take reasonable steps to comply with their HIPAA physical safeguards.
In short, it is up to each of you to protect our patient information and be compliant with the law. If you witness negligence occurring in your location, please remember to report it to the compliance line; reports can be made anonymously.