HIPAA Regulations Aren’t Just for Network Security

If your business is even barely adjacent to healthcare, you’ve heard a lot about HIPAA. You may even have a department (or at least an employee) dedicated almost entirely to security compliance. But maintaining an impenetrable network and keeping your business devices secure isn’t enough. Physical security is also important, since most companies would quickly fail a penetration test of the physical office space.
What are the physical risks to your office or business space?
Companies with HIPAA compliance requirements have to secure every avenue of potential access to personal health information (PHI). Some companies choose to lock down their floors in a shared office with key fobs, cameras, digital security, and tight authorization procedures, while many others buy out a whole building so they don’t have to worry about other companies’ security vulnerabilities. And that’s often the first physical weakness in office security: who can get into the building itself, even if not onto a specific floor.
You also need procedures for anyone who might walk through the doors. Employees are often the first ones to get a procedure: your company probably has key fobs or name badges that individually identify employees and grant them access to different spaces based on their position in a security hierarchy. But once the door is open, your employees are the only guards. Train them to check that everyone they let in has a badge. It’s hard because we’re all trained from an early age to hold open the door for other people. But that courtesy is a security concern. Whether they’re friendly coworkers, familiar faces, or someone wearing a technician’s uniform or badge, everyone has to swipe in.
Another physical risk is that employees don’t know what to do when someone doesn’t follow the plan. A good employee might stare down an unknown visitor expectantly or decline to open a closed door, but once the door is open and the visitor acts like they know precisely what they’re doing, employees might let it go. Make sure your employees know whom to call, what to say, and how to approach the situation instead of ignoring it.
Your physical office environment does a lot more than just set the stage for employee productivity. It keeps your data secure, helps you meet mandatory requirements, and gives the company a barrier against different types of threats. Go to Tangram for more design elements and suggestions to achieve it all.