Unauthorized Devices: At no time should EPHI be stored on an unapproved device or a personal home computer or device. EPHI may not be viewed or stored inadvertently or intentionally on unauthorized devices or media.
Unsecured Networks: At no time should EPHI be accessed or distributed using an unsecured public or private network. Remote access locations and the use of wireless networks outside your covered entity must be approved by your security team.
Workstation Security: All workstations accessing EPHI must be positioned or located in a manner that will minimize the exposure of any displayed patient or sensitive business information. When necessary, privacy screens should be deployed.