Institute:Office of National Coordinator (ONC) Workforce Training Curriculum
Component:The Culture of Health Care
Unit:Privacy, Confidentiality, and Security
Lecture:HIPAA Security Rule
Slide content:Physical Safeguards Facility access controls Contingency operations (A) Facility security plan (A) Access control and validation procedures (A) Maintenance records (A) Workstation use (R) Workstation security (R) Device and media controls Disposal (R) Media re-use (R) Accountability (A) Data backup and storage (A) 9
Slide notes:The second category of safeguards is physical safeguards. Access to the facility is addressable, so the facility must have a security plan with contingency operations, maintenance records, and other controls. The facility includes the data center location and associated data center hardware, software, and network access points as well as physical access controls to the area. There are requirements for workstation use, physical security of the workstation, and dealing with devices and media. There are explicit regulations for how media containing PHI is disposed of or reused. There are also addressable issues on accountability for media and its backup and storage. Also, the secure use of various types of mobile devices must be addressed. 9