Cyber Security:

Physical Safeguards

Erin Horpayak
Stephen Nevelik
Jennifer Nguyen
Hanna Sahagon

Observations during Simulated Audit

Recycle bin in each exam room

Unsecured fax machine

Only one person has the authority to manage staff access

Printer in every exam room

Access of EHR by clinic staff on personal devices

Paper charts accessible by all employees


Physical Safeguards/Controls

● What physical safeguards/controls would help protect against the audit findings provided?
○ Facility access controls
■ Badge access, secured areas
○ Workstation use
■ Badge access, designated areas
○ Workstation security
■ Thin client systems, property tags
○ Device and media controls
■ Maintenance logs

Security Risk Assessment

Mitigation Strategies: Maintain Controls

1. Fax Machine:
○ Turn off the fax machine before the end of the day to prevent lab reports from being transmitted overnight.
2. Shredding Bins (Front/Back Office, Lab, Offices)
○ Ensure all papers placed in a shred bin are shredded before the end of the day.
3. Printers (every patient room)
○ Printers can only print from the computer system in that room. This guards against a provider accidentally printing to the wrong printer.

Mitigation Strategies: Vulnerabilities

Need an emergency procedure for granting access to different areas of the clinic

Access to paper charts should be limited and monitored

Best to digitize old records

Provide hardware for staff to use when not present


Questions?
