Workstation and device security
Apple policies require that security controls and endpoint configurations be implemented for computers used by employees who may access systems that support Health app data Share with Provider. Apple internal policies, standards, and guidelines define the requirements for establishing and maintaining secure endpoints.
All HIPAA-covered workforce personnel at Apple are required to comply with policy requirements for workstation and device security. Registered endpoints are centrally logged and tracked for compliance with Apple’s standards for data protection and security, such as automatic logout for inactivity, firewall, login management, backups, and disk encryption.
Apple takes precautions to protect employee workstations within facilities against incidents such as theft, damage from weather events, and power outages. Workstation owners are responsible for protecting their workstations from physical damage and unauthorized access in accordance with the requirements of Health app data Share with Provider HIPAA policies and procedures, internal security policies, and formal procedures for reporting lost or stolen workstations.