HIPAA Workstation Use Policy Template


This HIPAA Workstation Use Policy Template is in Microsoft Word (.docx) format for easy editing. Each template is guaranteed to be fully HIPAA & HITECH compliant when properly implemented.


Developing a HIPAA Workstation Use Policy for your organization is an important part of protecting digital Protected Health Information (ePHI) and to ensure successful business operations. The HIPPAA Workstation Use Policy Template ensures that your policies and procedures conform to the current standards for ePHI security.

The purpose of this policy is to explain proper workstation functions and procedures as well as establishing suitable environments that are secure, compliant, and maintain appropriate levels of confidentiality. This document provides guidance on user responsibilities, access management protocols, file sharing requirements, system security parameters and best practices for ensuring data security on all computers with access to ePHI.

The template includes everything you need to create an explicit policy that should be read by all personnel with access to ePHI. With a solid HIPAA Workstation Use Policy in place, you can maintain strict user accountability and compliance within the organization while ensuring better quality control over sensitive data. It’s essential for any health care organization dealing with patient records in order to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

SAMPLE TEXT: ENTITY NAME has adopted this Workstation Use Policy in order to recognize the requirement to comply with the Health Insurance Portability and Accountability Act (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009 (Title XIII of division A and Title IV of division B of the American Recovery and Reinvestment Act “ARRA”) and the HIPAA Omnibus Final Rule (Effective Date: March 26, 2013). We acknowledge that full compliance with the HIPAA Final Rule is required by or before September 23, 2013.

ENTITY NAME hereby acknowledges our duty and responsibility to protect the privacy and security of Individually Identifiable Health Information (“IIHI”) generally, and Protected Health Information (“PHI”) as defined in the HIPAA Regulations, under the regulations implementing HIPAA, other federal and state laws protecting the confidentiality of personal information, and under principles of general and professional ethics. We also acknowledge our duty and responsibility to support and facilitate the timely and unimpeded flow of health information for lawful and appropriate purposes.

Additional information



Applicable Section(s)


You may also like…

Go to Top