Keep Physical Assets Secure
Assets like files, computing equipment, and information must be secure. The EHR system must be safe from unauthorized access. The single most common way that PHI is compromised is through the loss of devices themselves, either through theft or accidentally. Incidents reported to the HHS Office for Civil Rights show that more than half of all data loss cases consist of missing devices ranging from portable hand-held devices to hard drives or entire desktop systems, and even servers.
It is important to limit the chances that a device may be tampered with, lost, or stolen.
Make sure your portable devices are physically secure. Limit physical access to the office area. If you lose or misplace your key or badge, notify your Security Officer immediately.