The organization must forbid the entry into the facilities of elements that allow the extraction of digital or physical information assets.
HIPAA Security Rules 164.310(a)(2)(ii): Facility Security Plan: Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft
HIPAA Security Rules 164.310(c): Workstation Security: Implement physical safeguards for all workstations that access electronic protected health information to restrict access to authorized users.
Start with Fluid Attacks
We are a proud corporate member of the OWASP Foundation