Thanks for printing!  Don't forget to come back to Healthcare Compliance Pros for fresh articles!

Did You Remember to log off Your Work Computer?

Occasionally we are asked if users should logoff their computer if an automatic logoff procedure is already in place.  For example, after 10 minutes of inactivity the computer either activates a screen saver that is password protected or the system may logoff the user.

While generally it is compliance with the HIPAA implementation specification that states:

Where reasonable and appropriate, the covered entity must “implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.”

We always recommend anyone who has a system that can access electronic protected health information (ePHI) for any period of time, including for periods of time less than 10 minutes, should at the very least lock the computer / screen to prevent unauthorized users from access.

On a Windows PC this can be done by:    

  1. Pressing the Windows Key and the L key
  2. Cntrl-Alt-Del then clicking the Lock when it pops up
  3. Clicking the Start button then the user icon following by Lock

On a Mac it™s as simple as:

Clicking the apple icon in the top left corner, then clicking Lock Screen

Remembering to lock your workstation is a simple way to help protect patient privacy, and the security of information on your computer.

Implementing an IT Policy

When reviewing company policies and procedures, it is important to spend time updating your IT procedures. Failure to follow up with staff members when they do get in a rush and forget to log off the computer computer can leave your organization vulnerable to a number of problems. Failure to log off can lead to the following;

  1. Interference with the SQL database operations
  2. Backup failure
  3. Network access granted to the user can be compromised
  4. Updates are not installed
  5. Workstation registry is not properly completed
  6. Memory is not cleaned and refreshed
  7. Power issues
  8. Data files at risk
  9. Failure to manage the network effectively

Caring for your companies computer system is vital to protecting sensitive patient information. If you have not recently reviewed your IT policy, now is the the time to do so!

 

Return to the Home Page