
    10. Control Physical Access

     

     

    Not only must assets like files and information be secured; the devices themselves that make up an EHR system must also be safe from unauthorized access. The single most common way that electronic health information is compromised is through the loss of devices, whether this happens accidentally or through theft. Incidents reported to the Office for Civil Rights show that more than half of all these data loss cases consist of missing devices, including portable storage media (e.g., thumb or flash drives, CDs, or DVDs), laptops, handhelds, desktop computers, and even hard drives ripped out of machines, lost and stolen backup tapes, and entire network servers.

     

    Should a data storage device disappear — no matter how well an office has taken care of its passwords, access control, and file permissions — it is still possible that a determined individual could access the information on it. Therefore, it is important to limit the chances that a device may be tampered with, lost, or stolen.

     

    Securing devices and information physically should include policies limiting physical access, e.g., securing machines in locked rooms, managing physical keys, and restricting the ability to remove devices from a secure area.

     

    Where should I place my server that stores electronic health information?

     

    When considering where to locate a server containing electronic health information (such as within an EHR), two main factors should be considered: physical and environmental protection. Physical protection should be focused on preventing unauthorized individuals from accessing the server (e.g., storing the server in a locked room accessible only to staff). Environmental protections should focus on protecting the server from fire, water, and other elements (e.g., never store a server in a restroom; instead store the server off the floor, away from water and windows, and in a temperature-regulated room).

     


     

    Physical Access Checklist

    ☐ Policies are in place prescribing the physical safety and security of devices.

    ☐ All staff members understand and agree to abide by physical access policies and procedures.

    ☐ All devices containing Protected Health Information (PHI) are inventoried and can be accounted for.

    ☐ Computers are protected from environmental hazards.

    ☐ Physical access to secure areas is limited to authorized individuals.

    ☐ Computers running Electronic Health Record (EHR) systems are shielded from unauthorized viewing.

    ☐ Equipment located in high-traffic or less secure areas is physically secured.

     

     


    © 2020  TROJAN HORSE SECURITY INC
