Health Information Management

Does HIPAA require us to keep the server room locked at all times?

HIM-HIPAA Insider, June 5, 2006

No. The HIPAA security rule does not include that much detail. Covered entities (and noncovered entities interested in adhering to sound security practices) may or may not choose to lock the server room door or, in larger organizations, the door to the data center.

It is important that you establish proper policies, procedures, and processes to limit server room access to only those who need it. Although HIPAA does not require that you lock server room and data center doors at all times, it is a beneficial security practice. Only work force members with a defined need to access the server room or data center should have key or swipe-card access.

Editor's note: Chris Apgar, CISSP, president of Portland, OR-based Apgar & Associates, LLC, answered this question. This is not legal advice. Consult your attorney for legal matters.

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular