Lead Your Culture, Select Your Team, and Learn
Designate a Security Officer(s)
Your security officer will be responsible for developing and maintaining your security practices to meet HIPAA requirements. The security officer will work with others to protect your patients’ electronic Protected Health Information (ePHI) from unauthorized access.
Discuss HIPAA Security Requirements with Your EHR Developer
Meet with your EHR developer to understand how your EHR can be used in line with the HIPAA and Stage 1 and Stage 2 Meaningful Use requirements. We provide a list of questions you may want to ask your EHR developer [PDF – 649 KB].
Consider Using a Qualified Professional to Assist with Your Security Risk Analysis
Using a qualified professional can often yield quicker and more reliable results than conducting an in-house risk analysis. If you hire a professional, pick one who has relevant certification and direct experience tailoring a risk analysis for your size of medical practice. You are still ultimately responsible for the risk analysis even if you hire a pro.
Use Tools to Preview Your Security Risk Analysis
Use tools available on the Office of the National Coordinator for Health Information Technology (ONC) and U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) websites. These tools can give you a sense of your practice’s potential shortcomings in Protected Health Information (PHI) security. See the HHS Security Risk Assessment (SRA) Tool and OCR Guidance on Risk Analysis for more help in evaluating your risk level.
Refresh Your Knowledge Base of the HIPAA Rules
Learn about the HIPAA Rules, state laws, and other privacy and security requirements.
Promote a Culture of Protecting Patient Privacy and Securing Patient Information
Privacy and security are best achieved when your office has a culture of confidentiality and PHI protection. Learn more in Chapter 6 of the Guide [PDF – 569 KB].