Skip to main content
Notifications
You're all caught up.
View all notifications
OnlyHIPAA
← All documentation

Physical Safeguards

The HIPAA Physical Safeguards (45 CFR §164.310) cover the devices and workstations that can reach ePHI. This area is a device inventory that tracks each one's encryption, access controls, and review schedule.

A device record

Each device records its type (workstation, laptop, mobile, server, tablet, and so on), serial / make-model, location, and who it's assigned to. The safeguard-relevant fields are encryption status and method, whether a screen lock is enabled, the auto-logoff timeout in minutes, and whether the device has ePHI access (devices that do are flagged).

Status & reviews

A device's status moves through active, retired, lost, or stolen. Set a next review date to schedule its next check; the list flags devices whose review is overdue, and those dates also surface on the compliance calendar. The summary counters call out the numbers that matter: devices with ePHI access, unencrypted devices, and overdue reviews.

Who can do what

Org admins add and edit devices. Everyone else views the inventory read-only. This area is available on every plan.

OnlyHIPAA

Making HIPAA compliance accessible for every healthcare organization.

HIPAA SOC 2 NIST CSF

View our security posture →

Product

  • Frameworks
  • Sherpa AI
  • Risk Analysis
  • Compliance Operations
  • Reporting
  • Integrations & API
  • Pricing

Company

  • About Us
  • Team
  • Mission
  • Contact

Legal

  • Privacy Policy
  • Terms of Service
  • BAA Template
  • Security

Resources

  • Documentation
  • HIPAA Guide
  • Blog
  • Status Page

© 2026 OnlyHIPAA, Inc. All rights reserved.

OnlyHIPAA provides tools to assist with HIPAA compliance but does not constitute legal advice. Consult qualified legal counsel for specific compliance guidance.