Privacy and Security - Hardware and Peripherals - EBUS.07

For the purpose of this education material,

• Hardware is referring to the computer, their internal operating systems, monitors (e.g., desktops and laptops);
• Peripheral devices are referring to external devices connected to a computer or network (e.g., printers, fax machines); and
• Mobile devices are referring to portable devices such as laptops, smart phones, iPods, and USB drives.

Hardware

When a user is logged on and leaves their computer unattended, it is vulnerable to unauthorized access resulting in data modification or other fraudulent uses. As a security practice, users must lock their computer before leaving it unattended. Note, by default, when a computer has been left unattended and inactive for a maximum of fifteen (15) minutes it will automatically lock out all users, requiring them to login again.

In order to maintain the confidentiality of any health information make sure your computer monitor is situated in a manner that prevents viewing by any unauthorized person.

Peripheral Devices

All peripheral devices (e.g., printers) must be located in a secure area (not accessible to the public) to prevent unauthorized access to confidential information.

Mobile Devices

Mobile devices and removable media containing personal health information must be password protected and encrypted. When these devices are not in the user's direct control, measures must be in place to protect mobile devices from theft or misuse. This may include using locking devices with physical locks or equivalent.