(c) Standard: Workstation security.  Implement physical safeguards for all workstations that access electronic protected health information, to restrict access to authorized

Tell Me More:

The Workstation Security standard encompasses the area of secure workstation location, that is the general physical surroundings of the workstation. Secure workstation location may result in physical safeguards such as walls, kiosks or hoods which limit the visibility of monitors. It addresses issues such as:

  • Physical attributes of the surroundings
  • The sensitivity of data to be accessed from a site
  • Monitor positioning (screens turned away from public)

For example, a terminal used to access sensitive information may be placed in a locked room and restricting access to that room to authorized personnel. Another example is not placing a terminal used to access patient information in any area of a doctor’s office where the screen contents can be viewed from the reception area. Screens should be turned away from the public.

complete set of HIPAA Security Policies and Procedures may be purchased here.


Questions to consider:

  • Is access to the building controlled?
  • Is access to the computing facility controlled?
  • Are systems adequately protected from theft?
  • Are procedures in place to adequately dispose confidential information per HIPAA requirements?
  • Are workstations secured after hours?
  • Are the activities of the cleaning crew monitored?
  • Are data backups sent to an off-site location for safe storage?
  • Have procedures been developed for testing and revision of applications and systems?
  • Are members of the workforce trained on key security issues?
  • Has the organization implemented physical safeguards to eliminate or minimize unauthorized access/viewing of health information on workstations?



Series Navigation<< 164.308(a)(6)(i) Administrative safeguards – Standard: Security incident procedures164.312(d) Technical safeguards – Standard: Person or entity authentication >>