마지막 수정: 3월 19, 2025

Policy No. 4204 Security for Sensitive Workstations (For HIPAA) Procedure

• Download Security for Sensitive Workstations (For HIPAA) Procedure Document

목적

The purpose of this procedure is to ensure the security of information a sensitive workstation may have access to. Additionally, the procedure provides guidance to ensure the requirements of the HIPAA Security Rule “Workstation Security” Standard 164.310(c) are met.

범위

This procedure applies to any PCSD-controlled (see definition in the Data Classification Procedure) workstation. These workstations will be determined by the InfoSec Team.

절차

Appropriate measures must be taken when using workstations to ensure the confidentiality, integrity, and availability of sensitive information, including protected health information (PHI), and that access to sensitive information is restricted to authorized users.

• PCSD employees using controlled workstations shall consider the sensitivity of the information, including protected health information (PHI) that may be accessed and minimize the possibility of unauthorized access.
• PCSD will implement physical and technical safeguards for all workstations that access electronic protected health information to restrict access to authorized users.

Appropriate Measures Include:

• Restricting physical access to workstations to only authorized personnel.
• Securing workstations (screen lock or logout) prior to leaving the area to prevent unauthorized access.
• Enabling a password-protected screen saver with a short timeout period to ensure that unattended workstations are protected. The password must comply with the PCSD Password Procedure.
• 모든 해당 비밀번호 정책 및 절차를 준수합니다. 참조 PCSD Password Procedure.
• Ensuring controlled workstations are used for authorized business purposes only.
• Never installing unauthorized software on controlled workstations.
• Storing all sensitive information, including protected health information (PHI), on secured network servers.
• Securing laptops that contain sensitive information by using cable locks or locking laptops up in drawers or cabinets.
• Complying with the Portable Workstation Encryption Procedure.
• Complying with the Baseline Workstation Configuration Standard.
• Installing privacy screen filters or using other physical barriers to alleviate exposing data.
• Exiting running applications and closing open documents before leaving the workstation.
• Ensuring that controlled workstations use a surge protector (not just a power strip) or a UPS (battery backup).
• If wireless network access is used, ensure access is secure by following the Wireless Communication Procedure.

마지막 업데이트 상태:

2015년 1월 업데이트

관련 정책 및 절차

• 4204 기술 사용
• 4204 허용되는 사용
• 4204 감사
• 4204 클린 데스크
• 4204 재해 복구 계획
• 4204 이메일
• 4204 직원 보안 인식 교육
• 4204 암호화
• 4204 비밀번호
• 4204 원격 액세스
• 4204 라우터 및 스위치 보안
• 4204 민감한 워크스테이션을 위한 보안
• 4204 보안 대응 계획
• 4204 서버 보안
• 4204 소프트웨어 설치
• 4204 웹사이트 서비스 보안
• 4204 무선 장치 통신
• 4204 무선 인프라 통신