To help you protect the security and privacy of PHI accessed or stored at your workstation, follow these procedures.


Report Security Events Involving Your Workstation or Access to it

Report security events involving the use of your workstation to the Department of Medicine Helpdesk.  For example, if an unauthorized individual tried to use your desktop or laptop computer, alert the DOM Helpdesk.  Also report any loss, damage, malfunction, misplacement, or theft of the computer to the DOM Helpdesk immediately.

Place Computer Monitor So that PHI Displayed on the Screen Is not Visible to Unauthorized Persons

If you are using a computer to store or access PHI, place the computer monitor so that PHI displayed on the screen cannot be seen by unauthorized persons.  For instance, computer monitors should not be in the line of sight in doorways, windows, or aisles.

Also, do not give others the opportunity to look over your shoulder if you are working with data that contains PHI. And be aware of the presence of unauthorized persons in your work area.

Create Strong Passwords that Are Difficult for Others to Guess

Make sure the passwords you create to start up your computers and access data are not easy to guess.  For example, both Spring2021 and Badger2021!! are easy to guess and not secure passwords.  Passwords that are easy for someone else to guess increase the chance that an unauthorized party could gain access to university data and the electronic PHI they contain.

Ideally, your password should:  Be a combination of letters and numerals.  For example, you can turn the sentence "Get to work" into the password "get2work".  Use both uppercase and lowercase letters.  For example, you could strengthen the password "get2work" by adding random capitalization to create the password "gEt2woRk".  Use special characters.  For example, "I'm a number one skater" could become the password "Ima#1sk8tr."

Consider using a Password Database Tool

Learn How To Select, Manage & Protect Your Passwords

Create strong passwords and do not share your password with anyone 

Include phrases comprised of typical English words, in uncommon combinations (e.g., poolpartyladderplatypus)

Consider using a password manager such as LastPass or KeePass to store all your passwords in one place

Keep Passwords Confidential

It is extremely important to keep your passwords confidential.  Computer users often disclose their passwords (either accidentally or intentionally).  Do not reveal your password to anyone online or by telephone.  If you are ever asked to reveal your password in those situations, immediately contact the DOM helpdesk.

Best practices recommend your password on a phrase or message you can easily remember without writing it down.  

Close an Application When You've Completed the Task

When you have finished your task in a particular computer application, such as a Word document, close that application and remove it from your computer screen.  Otherwise, the PHI in that application remains open and accessible to unauthorized users.

You should store all your data to DOM file shares (e.g. drives G, K) which is a secure location

Data should only be stored on the network file shares and NOT on laptops and desktop computers local drive (C: drive on windows).  Data on network drives is BACKED UP daily.  Storing data on local laptops and desktops run the risk of losing data if the hardware malfunctions or stops working.  If laptops are lost or stolen and contain PHI on the local drive a HIPAA security incident must be filed by DOM IT. 

Lock Your Computer at the End of the Day and When You'll Be Away from It for an Extended Period

You will need to manually log off your computer at the end of your workday.  A quick way to do this is to hit The Windows Key and L at the same time.  Additionally, it is a good idea to log off your computer when you will be away from it for more than 30 minutes or you will be leaving the premises during the workday.  It is also good practice to reboot your computer once a week.

Use Workstation Only for Business Purposes

Only you are authorized to use the workstation for university business, and it must not be shared with family members.  To prevent PHI from being compromised, it is important that workstations be used only for justifiable business reasons.

Do Not Leave Portable Computers Unattended

If you have a DOM laptop, do not leave it or any related components such as batteries and power cables unattended unless they are secured in some way.  

Use Only a Printer Located in a Secure, Limited-Access Area

If you are sending documents containing PHI from your computer to a printer, use only a DOM printer that is in a secure area and inaccessible to the public.  The DOM printer should be in an area that requires security keys, badges, or similar mechanisms to gain access to it.




Was this article helpful?

0 out of 0 found this helpful