Restricting access to protected data

September 2, 2005

Q: My hospital now permits us to review medical records electronically at home. The problem is my son and wife also use my computer on occasion. Is this a HIPAA violation?

A: Not directly. There's nothing in HIPAA that absolutely prohibits your wife or son from using the home computer that you use to review medical records. But, under the law, you must restrict their access to any protected patient information stored in that computer. Specifically, according to HIPAA's workstation security standard, you must "implement physical safeguards for all workstations that access [medical] information." For example, if you need a unique ID and password to log into your hospital system from your home computer, take steps to ensure that no one else gets hold of them.