Computer security

May 6, 2005

Q: Are there specific steps I need to take to make my computer system HIPAA compliant?

A: Yes. The security rule sets out more than 60 requirements. Here's a partial list: (1) Install and regularly update virus-protection software. (Make sure to protect workstation computers, too, and not just the server.) (2) Set screen savers to come on quickly, with reactivation requiring a password. (3) Be sure PDAs, tablet computers, and laptops are password-protected, just as desktops should be. (4) Position computer monitors so patients can't read what's on the screen. (5) When an employee quits or is fired, eliminate her computer password and be sure she surrenders her office keys. (6) Store backup tapes of files in a safe, offsite location, so that data will be protected in case of fire or flood.