Tips for Securing Your Workstation
Download as PPTX, PDF0 likes116 views
This document provides guidelines for maintaining data and ePHI security at workstations. It recommends keeping computers clean by updating software, using firewalls and antivirus software, and removing unnecessary programs. It also suggests using strong passwords that are changed regularly, not sharing passwords, and logging off computers when unattended. The document emphasizes only opening emails and attachments from known senders and securing or encrypting any external drives or sensitive information.
Tips for Securing Your Workstation
- 1. September 24, 2014 Brian Solomon
- 2. Keep a clean computer Data/ePHI Security at the Workstation Passwords Summary References Brian Solomon 2
- 3. Never open email attachments from unknown senders. Never re-send “chain-mail.” Keep your operating system software up to date. Install anti-spyware software and keep it updated. Install anti-virus software and keep it updated. Make sure your firewall is enabled. Use strong passwords (See Password section). Remove unnecessary software. Use secure system configuration settings (browser, email, etc…). Brian Solomon 3
- 4. Never provide passwords or other personal information via email. Log off your computer when you leave your workstation. Use a strong screen saver with password. Password-protected screensavers should be enabled on workstation/laptops with a time- out interval deemed appropriate. All sensitive information such as ePHI must be encrypted. Periodically backup your data. If external data drives are used (CDs, flash drives, etc..), secure them before leaving your workstation. Have your IT department evaluate any shareware or free software before downloading. Brian Solomon 4
- 5. Passwords ought to have a minimum of six alphanumeric characters in length. A “Strong” password contains a combination of upper and lower case letters, numbers, and special characters (&, #, !, @, etc…). Passwords should not contain a word found in the dictionary, in any language, slang, jargon nor represent a name. Passwords should expire, be changed, every 90 to 180 days. If passwords need to be written down or stored on-line, they should be stored in a secure place separate from the application or system that is being protected by the password. Brian Solomon 5
- 6. Employees should not use the “Remember Password” feature of their computer or installed applications. Employee passwords and account information should never be shared. In rare cases where password sharing is unavoidable, restricted account access should be established by the IT staff. Password audits should be performed on a periodic basis by the IT staff. Brian Solomon 6
- 7. Never open email attachments from unknown senders. Never re-send “chain-mail.” Use strong passwords. Never provide passwords or other personal information via email. Log off your computer when you leave your workstation. If external data drives are used (CDs, flash drives, etc..), secure them before leaving your workstation. Do not use the “Remember Password” feature of the computer or installed applications. Brian Solomon 7
- 8. Reference to HIPAA Standard: Security Management Process (161.308(a)(1)); Information Access Management (161.308(a)(4)); Security Awareness and Training (161.308(a)(5)); Access Control (161.312(a)); Person or Entity Authentication (164.312(d)), Workstation Use 164.310(b); Workstation Security 164.310(c). Brian Solomon 8
Editor's Notes
- #3: Last year and a half, have worked 34 practices
- #4: Last year and a half, have worked 34 practices
- #5: Last year and a half, have worked 34 practices
- #6: Last year and a half, have worked 34 practices
- #7: Last year and a half, have worked 34 practices
- #8: Last year and a half, have worked 34 practices
- #9: Last year and a half, have worked 34 practices