What Are Physical Safeguards?
Physical Safeguards are important.
You never know who your patient (or patient’s mom) is…..
A few nights ago my daughter was sick enough to warrant a trip to the ER. (She’s fine now, thank you).
In my haste to get her there, I left my cell phone at home so on two occasions I used the phone at a station in the ER. On one occasion, I was led to the phone where the staff member dialed 9, let me dial the number and left me standing in front of the computer screen on the desk. It had identifiers for the current patients in the pediatric ER. I deliberately averted my eyes.
On the next occasion, the staff member dialed 9 and the number I wanted and instructed me to stand behind the computer screen.
Props to staff member number 2. She used what’s known as physical safeguards….which simply means that she used measures to prevent me from seeing other people’s information.
HIPAA’s Definition of Physical Safeguards
HIPAA defines physical safeguards as policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion. Therefore, health care providers like the ER must implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed. HIPAA also requires that health care providers implement physical safeguards for all workstations that access electronic protected health information, to restrict access to authorized users.
In this example, a provider serving mainly HIV patients entered into a resolution agreement with Health and Human Services that required them to reposition its computer monitors to prevent patients from viewing information on the screens. The practice installed computer monitor privacy screens to prevent impermissible disclosures.
Physical Safeguards Are Important
This isn’t meant to call out a “wrongdoing”-just to illustrate how easy it is to forget to protect someone’s data and how easy it is to protect it.
Training staff on practices using actual scenarios like mine and repeating the training often are keys to success. Ingrain it so it can’t be forgotten easily. Kind of like those ubiquitous “employees must wash hands before returning to work” signs.
Have you ever seen anyone’s data by mistake? What did you see?