The goal of HIPAA is to make sure the protected health information you are responsible for or come into contact with remains confidential, secure, and available when you need it. Here are basic steps every practice can take to help make this happen:
- Use strong passwords, and change them regularly.
- Don't share your passwords or store them where they could be found easily (e.g., taped to a monitor).
- Prevent others from viewing your screen.
- Use the automatic log-off function on computer terminals.
- Don't leave your laptop or thumb drive unattended in your car if it contains protected health information (PHI).
- Don't let family members use your laptop if it contains PHI.
- Keep your server in a room accessible only by authorized staff.
- Use antivirus software on your computers, and on hand-held and mobile devices that support it, and keep it current.
- Notify your security officer if your computer has a suspected or confirmed virus.
- Don't install unknown programs on your computer.
- Be wary of suspicious emails (opening them could automatically put a virus on your computer).
- Back up your data regularly, and keep at least one back-up offsite.
- Make sure back-up media and mobile devices are made unreadable before disposal.
- Inventory and keep track of all devices containing PHI (don't forget your fax and copy machines).
- Have a plan for what to do if your server crashes and you can't directly recover data.
- Discuss PHI only in accordance with your job duties.
- Use low conversational tones in the clinical and reception areas where patients might overhear conversations.
- When mailing PHI, make sure it is properly sealed and addressed.
- Verify the correct fax number before sending faxes.
- Don't leave incoming or outgoing faxes on the fax machine.
For information about HIPAA security:
- Visit the TMA Practice Consulting webpage, where you can download a free copy of TMA's HIPAA Security: Compliance and Case Studies. This publication explains how to develop your plan to avoid penalties and other costly mistakes.
- Download the federal government's Guide to Privacy and Security of Health Information at www.healthit.gov.
- Find nontechnical advice about online security for small businesses at OnGuardOnline.gov.
Published April 9, 2014
Last Updated On
November 11, 2019