Under HIPAA, each organization must perform its own risk assessment to determine, as the preamble says, "an appropriate solution to a covered entity's workstation security issues." Start with a physical walk-through of your facility, noting the locations of computers, both desktop devices and, if any, portables.
There are many simple antitheft devices for fixed workstations and for portables. You may decide to install a cable lock to tether vulnerable workstations to desks or carts. These cable locks can be used as theft deterrents for printers, fax machines, projectors, and other valuable devices.
Although the rule's physical safeguard standards do not explicitly address the security of servers and network devices, facility security plans should also include locks for your server closet. It is risky to leave servers and network devices in open office areas; they should be kept in a locked closet with access limited to authorized technical staff. If it is not feasible to have a locked closet or room, consider using a special-purpose cage to protect these critical devices.