This document is designed as a checklist that can be used to determine security risks during a walkthrough of a facility.

The items in this checklist are derived from NIST SP 800-53, Recommended Security Controls for Federal Information Systems and Organizations. As such, the items in this checklist are neither required for HIPAA compliance nor a guarantee of HIPAA compliance. However, this checklist can be useful to a health care provider for identifying physical security risks in the facility and can be used as part of an overall risk assessment.

The entries in the ID column relate directly to the IDs found in the "Physical and Environmental Protection" section of SP 800-53, where more information and guidance can be found on the risks and remediation of each item.
General

  Policies (PE-1): Documented policies and procedures that address physical and environmental security.

  Physical Authorization (PE-2): Method to determine who is authorized to access the secure area of the office (e.g. badges, swipe cards, biometrics).

Physical Protections

  Monitors not visible (PE-5(2)): Computer monitors are protected from visibility by unauthorized individuals (e.g. by situating them so that they are not visible, or by using security filters on screens).

  Secure systems with access to EHR (PE-18(2)): Systems with access to EHR are protected from theft by physical location or anti-theft controls (e.g. cable locks).
Notes: