Most HIPAA covered entities have become steadfast in ensuring their digital environments that house ePHI are safe and secure, but this should not be your organization’s only concern. In its May OCR Cybersecurity Newsletter, OCR encouraged healthcare organizations to not forget about workstation security and physical security when it comes to protecting ePHI.
Workstation and physical security should be a collaborative effort between the privacy officer and security officer in your organization, but someone, regardless of who, should take the lead on physical security issues.
In its May newsletter on workstation security and the HIPAA Security Rule, OCR cited a 2015 settlement with Lahey Hospital and Medical Center in Burlington, Massachusetts, over a breach of PHI involving a laptop used in connection with a CT scanner.
In the digital age of healthcare delivery, the need for appropriate medical device cybersecurity is pervasive. Unenforced password protocols, outdated data storage, unencrypted data, unsecured access to networks—these are just a few examples of distinct vulnerabilities medical devices can have.