This entry is part 54 of 59 in the series Complete Guide to HIPAA Security Final Rule

(2) Implementation specifications:

(iii) Automatic logoff (Addressable).  Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.

Tell Me More:

The Automatic Logoff implementation specification requires covered entities to address implementing electronic procedures that terminate an electronic session after a predetermined time of inactivity. This is an addressable specification.

Workforce members often walk away from workstations without logging off. This can be a security concern, particularly in areas with public access. Automatic log-off procedures can be implemented to minimize the likelihood that an unauthorized individual may access the workstation.

Such mechanisms might include a password-protected screen saver or configuring the operating system or other application to terminate a session after being idle for more than a few minutes.



Questions to consider:

  • Do the technical systems support automatic log-offs?
  • Does the organization want to implement automatic log-offs? While addressable, it is likely that automatic log-offs will need to be implemented to reduce the risk of a security breach. Remember to monitor the use of log-offs and to minimize the ability of workforce members to override the automatic log-offs.
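For an application that manages its own sessions, the sketch below shows one way to end a session after a predetermined idle period, enforce the limit on the server where workforce members cannot override it, and record each automatic logoff for monitoring. It is an added example, not part of the original article or the rule text; the class name `IdleSessionStore`, its methods and the audit record layout are assumptions made for illustration.

```python
import logging
import secrets
import time

log = logging.getLogger("session.audit")

class IdleSessionStore:
    """Hypothetical server-side session store with a fixed idle limit."""

    def __init__(self, idle_limit_s, clock=time.monotonic):
        # Set once by the administrator; no per-user method changes it.
        if idle_limit_s <= 0:
            raise ValueError("idle limit must be positive")
        self._limit = idle_limit_s
        self._clock = clock
        self._sessions = {}  # session id -> (user, time of last activity)
        self.audit = []      # (event, user, idle seconds) kept for review

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[sid] = (user, self._clock())
        return sid

    def touch(self, sid):
        """Call on every authenticated request. Returns the user, or None
        when the session is unknown or has been idle past the limit."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, last = entry
        idle = self._clock() - last
        if idle >= self._limit:
            self._terminate(sid, user, idle)
            return None
        self._sessions[sid] = (user, self._clock())  # activity resets timer
        return user

    def sweep(self):
        """Periodic job: end idle sessions even if the client never returns."""
        now = self._clock()
        expired = [(s, u, now - t) for s, (u, t) in self._sessions.items()
                   if now - t >= self._limit]
        for sid, user, idle in expired:
            self._terminate(sid, user, idle)
        return len(expired)

    def _terminate(self, sid, user, idle):
        del self._sessions[sid]
        self.audit.append(("auto_logoff", user, idle))
        log.info("auto logoff user=%s idle_s=%.0f", user, idle)
```

The idle limit passed to the constructor is whatever period the organization's risk analysis settles on; the code does not assume a particular value.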




Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years of legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights, where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.