To help you protect the security and privacy of PHI accessed or stored at your workstation, follow these procedures.
Report Security Events Involving Your Workstation or Access to it
Report security events involving the use of your workstation to the Department of Medicine Helpdesk. For example, if an unauthorized individual tried to use your desktop or laptop computer, alert the DOM Helpdesk. Also report any loss, damage, malfunction, misplacement, or theft of the computer to the DOM Helpdesk immediately.
Place Computer Monitor So that PHI Displayed on the Screen Is not Visible to Unauthorized Persons
If you are using a computer to store or access PHI, place the computer monitor so that PHI displayed on the screen cannot be seen by unauthorized persons. For instance, computer monitors should not be in the line of sight in doorways, windows, or aisles.
Also, do not give others the opportunity to look over your shoulder if you are working with data that contains PHI. And be aware of the presence of unauthorized persons in your work area.
Create Strong Passwords that Are Difficult for Others to Guess
Make sure the passwords you create to start up your computers and access data are not easy to guess. For example, both Spring2021 and Badger2021!! are easy to guess and not secure passwords. Passwords that are easy for someone else to guess increase the chance that an unauthorized party could gain access to university data and the electronic PHI they contain.
Ideally, your password should:
Be a combination of letters and numerals. For example, you can turn the sentence "Get to work" into the password "get2work".
Use both uppercase and lowercase letters. For example, you could strengthen the password "get2work" by adding random capitalization to create the password "gEt2woRk".
Use special characters. For example, "I'm a number one skater" could become the password "Ima#1sk8tr".
Consider using a Password Database Tool
Create strong passwords and do not share your password with anyone
Include phrases composed of typical English words in uncommon combinations (e.g., poolpartyladderplatypus)
Keep Passwords Confidential
It is extremely important to keep your passwords confidential. Computer users often disclose their passwords (either accidentally or intentionally). Do not reveal your password to anyone online or by telephone. If you are ever asked to reveal your password in those situations, immediately contact the DOM Helpdesk.
Best practices recommend basing your password on a phrase or message you can easily remember without writing it down.
Close an Application When You've Completed the Task
When you have finished your task in a particular computer application, such as a Word document, close that application and remove it from your computer screen. Otherwise, the PHI in that application remains open and accessible to unauthorized users.
You should store all your data on DOM file shares (e.g., drives G, K), which are a secure location
Data should only be stored on the network file shares and NOT on the local drive of laptops and desktop computers (the C: drive on Windows). Data on network drives is BACKED UP daily. Storing data on local laptops and desktops runs the risk of losing data if the hardware malfunctions or stops working. If laptops are lost or stolen and contain PHI on the local drive, a HIPAA security incident must be filed by DOM IT.
Lock Your Computer at the End of the Day and When You'll Be Away from It for an Extended Period
You will need to manually log off your computer at the end of your workday. A quick way to do this is to press the Windows key and L at the same time. Additionally, it is a good idea to log off your computer when you will be away from it for more than 30 minutes or when you will be leaving the premises during the workday. It is also good practice to reboot your computer once a week.
Use Workstation Only for Business Purposes
Only you are authorized to use the workstation for university business, and it must not be shared with family members. To prevent PHI from being compromised, it is important that workstations be used only for justifiable business reasons.
Do Not Leave Portable Computers Unattended
If you have a DOM laptop, do not leave it or any related components such as batteries and power cables unattended unless they are secured in some way.
Use Only a Printer Located in a Secure, Limited-Access Area
If you are sending documents containing PHI from your computer to a printer, use only a DOM printer that is in a secure area and inaccessible to the public. The DOM printer should be in an area that requires security keys, badges, or similar mechanisms to gain access to it.