
The MultiStation Office & HIPAA Compliance

You may believe that once your servers are properly safeguarded, you will be in HIPAA compliance. Unfortunately, in addition to ensuring that the servers in your practice are protected from outside attacks, you need to secure each individual workstation inside the practice.


HIPAA regulations complicate matters by specifying that a workstation is not only a fixed-location device. Instead, the regulations state that any tablet computer, PDA or other portable device employed by your staff must also meet the HIPAA regulations.

This means that your staff needs to be well versed in what constitutes acceptable computer usage. You need to make sure your staff understands that they cannot download any new programs or install outside software onto the workstation without approval. Furthermore, no workstations should be used for file sharing activities.

The staff should also be well versed in proper log-off techniques to make sure the terminal doesn’t stay open, allowing unauthorized access.

In terms of password protection, you must make sure that the password cannot be bypassed. A login screen serves no purpose if it can be bypassed. If the user doesn’t have the proper password, they should not be able to access the terminal.

As time-consuming as it can be, making sure that all workstations contain the most recent update of antivirus programs and the most recent releases of the operating system is key to ensuring that the workstations remain secure.

Also, consider the physical location of the monitor. Anyone to the side or behind the monitor can have an unobstructed view of patient data. It may be necessary to readjust the position of the various monitors throughout the practice.

You should also consider whether the information on the monitor could be viewed as a reflection in a mirror or piece of glass located behind the monitor. This step may seem overly cautious, but that is better than allowing personal data to be viewed by unauthorized persons.

For portable devices, you must consider limiting which devices can leave the building. Those that do leave the building must be equipped with all the same safeguards as those that remain in the office.





