Occasionally we are asked if users should log off their computer if an automatic logoff procedure is already in place. For example, after 10 minutes of inactivity, the computer either activates a screen saver that is password protected or the system may log off the user.
While generally, it is compliance with the HIPAA implementation specification that states:
Where reasonable and appropriate, the covered entity must "implement electronic procedures that terminate an electronic session after a predetermined time of inactivity."
We always recommend anyone who has a system that can access electronically protected health information (ePHI) for any period of time, including for periods of time less than 10 minutes, should at the very least lock the computer/screen to prevent unauthorized users from accessing.
On a Windows PC, this can be done by:
- Pressing the Windows Key and the L key
- Cntrl-Alt-Del then clicking the Lock when it pops up
- Clicking the Start button then the user icon followed by Lock
On a Mac, it's as simple as:
Clicking the apple icon in the top left corner, then clicking Lock Screen
Remembering to lock your workstation is a simple way to help protect patient privacy and the security of information on your computer.
Implementing an IT Policy
When reviewing company policies and procedures, it is important to spend time updating your IT procedures. Failure to follow up with staff members when they do get in a rush and forget to log off the computer can leave your organization vulnerable to a number of problems. Failure to log off can lead to the following;
- Interference with the SQL database operations
- Backup failure
- Network access granted to the user can be compromised
- Updates are not installed
- The workstation registry is not properly completed
- Memory is not cleaned and refreshed
- Power issues
- Data files at risk
- Failure to manage the network effectively
Caring for your companies computer system is vital to protecting sensitive patient information. If you have not recently reviewed your IT policy, now is the time to do so!