
OCR Discusses Facility Access Controls

Alan Davis

This month's Office of Civil Rights newsletter explains what facility access controls are and how to implement them. They note that "...Recent data security research suggests that only 7% of data security decision makers are concerned with breaches due to lost or stolen equipment, even though these account for 17% of breaches...". We know from practical experience that HIPAA's physical security requirements are often handed off to people who may not prioritize compliance and risk.


For those new to the Security Rule, the Facility Access Controls standard is found at § 164.310(a)(1). Under this standard are four addressable implementation specifications:

§ 164.310(a)(2)(i) - Contingency Operations

§ 164.310(a)(2)(ii) - Facility Security Plan

§ 164.310(a)(2)(iii) - Access Control and Validation Procedures, and

§ 164.310(a)(2)(iv) - Maintenance Records


and each is explained in detail in the source document, hyperlinked to the graphic below.


When we think of the security controls associated with a facility, we recommend focusing on defeating theft and on natural disaster response. It's sometimes difficult to limit access, especially in hospitals or other 24x7 healthcare providers where there are computers everywhere.


Please contact us if you need help understanding what security controls you should implement to protect your facilities and to comply with the Security Rule.

Stay (HIPAA) safe,

Alan




Proteus Consulting, LLC

Hayden, ID, 83835

(208) 215.5607

Copyright © 2013 - 2024 Proteus Consulting, LLC
