2. Keep a clean computer
Data/ePHI Security at the Workstation
Passwords
Summary
References
Brian Solomon 2
3. Never open email attachments from unknown senders.
Never forward chain letters ("chain mail").
Keep your operating system software up to date.
Install anti-spyware software and keep it updated.
Install anti-virus software and keep it updated.
Make sure your firewall is enabled.
Use strong passwords (See Password section).
Remove unnecessary software.
Use secure configuration settings for the browser, email client and other installed software.
4. Never provide passwords or other personal information via email.
Log off your computer when you leave your workstation.
Use a password-protected screen saver. It should be enabled on every
workstation and laptop, with a short time-out interval set by policy.
All sensitive information, including ePHI, must be encrypted, both where
it is stored on the workstation and while it is transferred.
Back up your data periodically.
If removable media are used (CDs, flash drives, etc.), secure them
before leaving your workstation.
Have your IT department evaluate any shareware or free software
before you download it.
Passwords must be at least six characters long. (Current NIST guidance,
SP 800-63B, sets the minimum at eight characters and recommends changing a
password when there is evidence of compromise rather than on a fixed schedule;
treat the figures below as this policy's minimums, not as current best practice.)
A "strong" password combines upper and lower case letters, numbers, and
special characters (&, #, !, @, etc.).
Passwords should not contain a word found in a dictionary of any language,
slang or jargon, and should not be a name.
Passwords should expire and be changed every 90 to 180 days.
If passwords must be written down or stored online, keep them in a secure
place separate from the application or system they protect.
6. Employees should not use the “Remember Password” feature of their
computer or installed applications.
Employee passwords and account information should never be
shared.
In the rare cases where password sharing is unavoidable, IT staff should set
up a separate account with only the access the shared task requires.
IT staff should audit passwords against this policy on a periodic basis.
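The composition rules above can be enforced mechanically, which is also how a periodic password audit would be implemented. The checker below is an added example and not part of the original presentation. It applies the slide's rules (minimum length, four character classes, no dictionary word or name) and additionally undoes common substitutions such as "@" for "a" and "0" for "o", so that "P@$$w0rd" is still recognised as the dictionary word it is. The word and name lists are constructed stand-ins; a real audit would load a full multi-language dictionary and a list of employee names.

```python
"""Password-policy checker for the rules on the slides above.

Added example, not from the original deck. DICTIONARY_WORDS and NAMES are
constructed sample lists (assumption: replaced by real wordlists in use).
"""
import string

MIN_LENGTH = 6                      # the deck's minimum (NIST SP 800-63B says 8)
SPECIALS = set(string.punctuation)  # includes & # ! @ and the rest

# Constructed sample wordlists, not real data.
DICTIONARY_WORDS = {"password", "welcome", "hospital", "summer", "letmein", "monkey"}
NAMES = {"brian", "solomon", "john", "mary"}

# Common "leet" substitutions used to smuggle a dictionary word past a naive check.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(pw):
    """Lower-case, undo leet substitutions and keep only letters,
    so 'P@$$w0rd' becomes 'password' for the dictionary check."""
    return "".join(c for c in pw.lower().translate(LEET) if c.isalpha())


def check_password(pw, min_length=MIN_LENGTH, words=DICTIONARY_WORDS, names=NAMES):
    """Return the list of rules the password violates; an empty list means it passes."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special character")

    core = normalize(pw)
    # Only flag words of four or more letters; shorter ones match almost anything.
    for w in sorted(words):
        if len(w) >= 4 and w in core:
            problems.append(f"contains dictionary word '{w}'")
    for n in sorted(names):
        if len(n) >= 4 and n in core:
            problems.append(f"contains name '{n}'")
    return problems


def is_strong(pw):
    """True when the password satisfies every rule of the policy."""
    return not check_password(pw)


if __name__ == "__main__":
    for candidate in ["password", "P@$$w0rd", "Bri@n2024!", "Xk7#qPm2"]:
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

Run as an audit, the same function is applied to each candidate (or each recovered password from a cracking run against the password hashes) and any non-empty result is reported to the account owner. Note that the substitution table is deliberately small: every extra mapping increases false positives, so add entries only for patterns actually seen in your own audits.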
7. Never open email attachments from unknown senders.
Never forward chain letters ("chain mail").
Use strong passwords.
Never provide passwords or other personal information via email.
Log off your computer when you leave your workstation.
If removable media are used (CDs, flash drives, etc.), secure them
before leaving your workstation.
Do not use the “Remember Password” feature of the computer or
installed applications.
8. Reference to HIPAA Security Rule standards (45 CFR Part 164):
Security Management Process, §164.308(a)(1);
Information Access Management, §164.308(a)(4);
Security Awareness and Training, §164.308(a)(5);
Access Control, §164.312(a);
Person or Entity Authentication, §164.312(d);
Workstation Use, §164.310(b);
Workstation Security, §164.310(c).