Security best practices under HIPAA

– Document everything: look through the rule, pick out each standard and each implementation specification, and create a chart that briefly describes how you are addressing each.
– Require and use strong passwords – teach your staff and coworkers how to create them
– Limit systems access to those who absolutely need it for their jobs
– Create written policies and procedures detailing the requirements
– Provide regular (annual) training
– Audit your own compliance
– Check state law for breach/incident notice requirements
– Be afraid. These rules apply to the smallest medical practices and the largest health systems and health plans
– Information security is a hot topic. New laws are being passed constantly.
– HIPAA may not provide for a private right of action, but novel legal arguments are being tested
– A major breach in your information security can be a public relations disaster.
– The media will be quick to report an inappropriate release of significant amounts of PHI