What is a HIPAA Screensaver?

A HIPAA screensaver is basically a screensaver that automatically turns on after a computer is left unattended for a period of time. HIPAA screensaver compliance is discussed below.

HIPAA Computer Screen Lock

Although there are no specific HIPAA screensaver requirements, the Department of Health and Human Services (HHS) provides some guidance on HIPAA computer screen lock requirements.

The HHS states a covered entity must, “Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.” In essence, HIPAA computer screen lock requirements prevent unauthorized access to electronic protected health information (ePHI) and as such, must be implemented on any device that stores or has the potential to access ePHI.

HIPAA Automatic Logoff Time and HIPAA Screensaver Timeout Requirements

While employees can manually lock their computers when leaving their workstation unattended, HIPAA best practices would be to implement automatic logoff procedures. Automatic logoff procedures should be determined in your organization’s workstation security policy. 

In the workstation security policy, your organization must establish when a screensaver will be enabled, that is, how much time must elapse before automatic logoff procedures are activated and the HIPAA screensaver is enabled.

HHS has not established a specific time measurement for HIPAA screensaver timeout requirements. However, it is fair to say that a screensaver should be enabled fairly quickly after a workstation has been left unattended, especially if the workspace in which the computer is stationed is accessible to the public, such as a doctor’s waiting room area. In theory, best practices would be for an employee to log off their workstation when leaving it unattended, but it is unrealistic to expect an employee to remember to do so every time they leave their workstation.

We recommend that organizations set their HIPAA automatic logoff time for computers that have access to ePHI to within 10 minutes of the workstation being left unattended.
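
One way to check a workstation against the 10-minute recommendation above, as an added example that is not Compliancy Group's or HHS's code. It assumes a Windows workstation (the article names no operating system) and reads the standard registry values behind the screen saver settings and the machine inactivity limit; the function names are hypothetical.

```powershell
# Added example: audit the current user's session on a Windows workstation.
# Assumption: Windows; the article itself does not name an operating system.
$MaxSeconds = 600   # 10 minutes, the automatic logoff time recommended above

function Get-RegValue {          # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-InactivityLock {   # hypothetical function name
    param([int]$Limit = $MaxSeconds)

    # Machine-wide inactivity limit in seconds; absent or 0 means not configured.
    $machine = (Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'InactivityTimeoutSecs') -as [int]
    $machineOk = ($machine -gt 0) -and ($machine -le $Limit)

    # Screen saver values: a Group Policy setting overrides the user's own preference.
    $policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
    $userKey   = 'HKCU:\Control Panel\Desktop'
    $ss = @{}
    foreach ($name in 'ScreenSaveActive', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut') {
        $value = Get-RegValue $policyKey $name
        if ($null -eq $value) { $value = Get-RegValue $userKey $name }
        $ss[$name] = $value -as [int]
    }

    $findings = @()
    if ($ss.ScreenSaveActive -ne 1)    { $findings += 'Screen saver is not enabled' }
    if ($ss.ScreenSaverIsSecure -ne 1) { $findings += 'Screen saver does not require a password on resume' }
    if ($ss.ScreenSaveTimeOut -lt 1 -or $ss.ScreenSaveTimeOut -gt $Limit) {
        $findings += "Screen saver timeout is $($ss.ScreenSaveTimeOut) s; policy limit is $Limit s"
    }
    $screenSaverOk = ($findings.Count -eq 0)

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        User              = $env:USERNAME
        MachineLimitSecs  = $machine
        ScreenSaverSecs   = $ss.ScreenSaveTimeOut
        Compliant         = $machineOk -or $screenSaverOk
        ScreenSaverIssues = $findings
    }
}

Test-InactivityLock | Format-List
```

Because the screen saver values live under HKCU, run the check in the signed-in user's context rather than as a service account.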


Compliancy Group’s HIPAA Screensaver

Compliancy Group’s screensaver was specifically designed with HIPAA in mind. Our HIPAA screensaver states, “This device may create, maintain, transmit, or receive confidential information, including patient information protected by federal and state privacy laws. Use of this device is limited to authorized employees, in accordance with company policy. By using this device, all users hereby accept the security policy of the organization.” 

Displaying our screensaver on your organization’s computers alerts unauthorized users that they are prohibited from accessing equipment containing ePHI. This helps prevent unauthorized access to or disclosure of PHI.

