HIPAA Physical Safeguards for PHI

What Are HIPAA Physical Safeguards?

Physical safeguards are the physical measures put in place to protect a covered entity’s electronic information systems from environmental hazards and unauthorized intrusions. Physical safeguards are part of the HIPAA Security Rule.

These electronic information systems store electronic protected health information, or ePHI, and therefore need physical safeguards whether they are housed on the covered entity’s premises or elsewhere.

Facility access controls, workstation use and security, and device and media controls are the standards under physical safeguards [1]. All HIPAA-compliant health-related entities must follow all three types of safeguards under the HIPAA Security Rule:

Physical Safeguards
Administrative Safeguards
Technical Safeguards

Types of Physical Safeguards

There are three main types of HIPAA physical safeguards every entity should implement for the safety of their equipment that stores sensitive health information.

Facility Access Controls

Facility access controls include things like locks and alarms to ensure that only authorized personnel can access the facilities and systems that house PHI, like servers, computers, and files.

Covered entities must ensure that these physical safeguards are robust enough to prevent unauthorized access or intrusion while being operational enough to allow authorized members to pass through security checks.

There are four implementation specifications to address:

Contingency Operations – How and who will access PHI facilities during or after an emergency to restore data and ensure continued physical security.
Facility Security Plans – How you’ll prevent unauthorized physical access to facilities and equipment that house PHI.
Access Control and Validation Procedures – How you’ll limit access to only those who need it and validate the identity and authorization of those wanting to enter PHI-housing facilities.
Maintenance Records – Records of all maintenance done for doors, locks, codes, keys, lockers, and other hardware to upkeep the security of the facility.

Workstation Use and Security

Workstations are devices like laptops and desktop computers that hold ePHI. Workstations need to be secured to prevent unauthorized access.

Covered entities need to analyze operations to determine which devices will qualify as workstations for each one. Then, they need to establish physical safeguards for each workstation.

Workstation Use Standard – Determines appropriate use of workstation devices, including what and how functions can be performed.
Workstation Security Standard – Determines how workstations will be physically protected from unauthorized users [2].

Device and Media Controls

Covered entities must have policies in place that manage how hardware and electronic media (such as memory cards, disks, tapes, or hard drives) carrying ePHI are moved into, out of, and within the facility. The Device and Media Controls standard also dictates how electronic media will be handled, including standards for:

Data Backup and Storage – Establishes whether an exact copy of ePHI needs to be made before moving any equipment and how data will be stored.
Accountability – How you’ll maintain a record of the people responsible for moving hardware and electronic media and how these things will be moved.
Disposal – Addresses how you’ll make ePHI unusable or inaccessible on devices that you dispose of.
Reuse – Determines how you’ll remove ePHI from devices or electronic media before reusing them.

While standards for disposal and media reuse are required, data backup and storage and accountability standards are up to your organization to determine if and how they will be established [2].

Clarity eCommerce Is HIPAA-Compliant

Sign up for a free discovery session with our HIPAA development experts to find the HIPAA eCommerce solution that’s best for your business.

Written by Autumn Spriggle

Autumn Spriggle is a Content Writer at Clarity Ventures with experience in research and content design. She stays up to date with the latest trends in the tech industry so she can write content to help people like you realize the full potential for their business.
References
[1] HHS.Gov: What does the Security Rule mean by physical safeguards?
[2] HHS.Gov: HIPAA Security Series