HIPAA Security Reminder of the Week

Where do we place servers that store ePHI?

When determining the location of servers with PHI or PII, consider these two main factors: physical and environmental protection.

Physical protection should focus on preventing unauthorized individuals from accessing the server (e.g., storing the server in a locked room accessible only to staff).

Environmental protection should focus on protecting the server from fire, water and other elements. Store the server off the floor, away from water and windows, and in a temperature-regulated room.

Additional resources are on the PCI and NIST websites.