Chapter 4 · §164.310

Your Workspace

A locked laptop in an unlocked office is half a safeguard. This chapter is about the room around the device — who else is in that space, and what happens when you step away. The physical layer is what protects against the cleaner, the family member who needs the printer, the client who shows up early.

Why this chapter exists, in plain English

In Ch 2 we talked about the device itself — the laptop, the phone, the encryption that protects what’s on them. This chapter is about the room around the device. Where does the work actually happen? Who else is in that space? When you step away — for a coffee, for the day, for a two-week break — what happens to the space you just left?

A locked laptop in an unlocked office is half a safeguard. A tidy desktop with an encrypted drive, in a room someone else can walk through, with today’s intake form still on the desk, is half a safeguard. The physical layer is not a technicality — it’s the part of the stack that protects you against the mundane stuff: the cleaner who comes Tuesdays, the family member who needs the printer, the client who shows up early and wanders into the consult room.

HIPAA Physical Safeguards cover four specific things that apply to a solo or small practice: §164.310(a) facility access controls (who can physically get into the space), §164.310(b) workstation use (what you do with the workstation), §164.310(c) workstation security (privacy filter, screen lock, positioning), and §164.310(d)(2)(i) disposal (what happens to paper and media when you’re done with them). None of these are about the network. All of them are about the space.

01

Setup

Where do you see clients or work with their information? Pick every one.

Telehealth-only practices: your physical-layer rules still apply to the room you run sessions from. Add the home office (or wherever) so we can walk it through too.

03

Where you stand

Not quite there yet

Map at least one workspace above to begin.