Cyber Security Policy for Your LTPAC Facility:  The Physical Safeguard Components (Part 2 of 5)

Physical Safeguard Components - computer-lock-300x200


As we discussed in the previous blog, a cyber security policy is crucial for any facility operating within the LTPAC industry. It is vital that there is a policy in place to deal with security issues and standards surrounding hardware, software, patient files, employee records, payment information, and internal communications.


The First, and Simplest, Safeguard

While the first terms that may come to mind when dealing with cyber security may include “anti-virus software” and “firewalls,” there are other safeguards that must be in place before establishing anti-virus software, firewalls, and other technical safeguards. The first step (and often most overlooked) is the simplest: ensuring the physical security of your electronic assets and data.


Physical security typically deals with physical assets such as computer terminals, laptops, printers, thumb drives, shredding machines, CD-ROMs, and printed materials or records. It is vital that you include measures in your cyber security policy to support the security of this type of property.


Protecting your Physical Assets

Protecting your physical electronic assets and printed records isn’t just a smart move; it is also required for all medical facilities in conjunction with the HIPAA Security Rule and its standards.  According to HIPAA, “Physical safeguards are physical measures, policies and procedures to protect and secure a covered entity’s electronic information systems. The safeguards are focused on protecting electronic information systems and related buildings and equipment from natural hazards, environmental hazards, and unauthorized intrusion. “


Physical safeguard components include, but are not limited to, such measures as:


For further information regarding specific HIPAA standards for physical security standards and measures, click here. As always, you may have to add additional physical safeguards to your cyber security plan based on the layout of your facility, the equipment in your facility, and other factors.


The next three blogs will discuss the next two elements of a comprehensive cyber security policy: developing and implementing administrative safeguards, developing and implementing technical safeguards as well as outline how to develop a contingency plan in the event of a cyber breach or attack. Additionally, the blogs will provide resources for LTPAC managers and professionals.


Next blogs: