Corporate Compliance

Tip: Automatic logoff

Compliance Monitor, July 28, 2010

For HIPAA security, organizations must implement procedures that terminate an electronic session after a predetermined time of inactivity, or use an equivalent measure. Many systems include an auto logoff or inactivity timeout feature. The feature provides a technical safety net when users put electronic protected health information (ePHI) at risk by leaving a workstation and failing to log off. Consider the following compliance tips:

  • If your ePHI system does not have an automatic logoff feature, ask your vendor to implement one. Alternatively, use an automatic, password-protected screen saver on the user’s workstation.
  • If your system provides an automatic logoff feature, use it. The feature works differently in various vendor products, but in general, you must decide the length of the inactivity period leading to automatic logoff.

This week’s tip was adapted from The Compliance Officer’s Handbook. For more information about the book or to order your copy, visit the HCMarketplace.
