Locking the server room
Compliance Monitor, June 9, 2006
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Q: Does HIPAA require us to keep the server room locked at all times?
A: No. The HIPAA security rule does not include that much detail. Covered entities (and noncovered entities interested in adhering to sound security practices) may or may not choose to lock the server room door or, in larger organizations, the door to the data center.
It is important that you establish proper policies, procedures, and processes to limit server room access to only those who need it. Although HIPAA does not require that you lock server room and data center doors at all times, it is a beneficial security practice. Only work force members with a defined need to access the server room or data center should have key or swipe-card access.
Editor's note: Chris Apgar, CISSP, president of Portland, OR-based Apgar & Associates, LLC, answered this question. This is not legal advice. Consult your attorney for legal matters.
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Related Products
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
Compliance Monitor
This HTML e-mail newsletter delivers news on Medicare and Medicaid fraud and abuse, as well as recent documents and targets...
-
Medicare Weekly Update
Each issue of Medicare Weekly Update includes the latest CMS proposed and final rules, CMS manual revisions, and...
-
Medicare Update for Physician Services
Medicare Update for Physician Services is a free, monthly e-zine that delivers news and information to help physician...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched