HIPAA Security

Back Next

The following is a sample list of practices that are employed to comply with the HIPAA Security Rule.

Access to Secured Areas

You should report any observed or suspected incidents to your manager, Medial Director or designated personnel immediately.

Virus Protection

You should take precautions to prevent and detect the introduction of any type of viruses or other malicious software.

NEVER open any files or macros attached to an e-mail from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then "double delete" them by emptying you Trash (Deleted Items Folder, Recycle Bin, and so on). Keep in mind that viruses are often sent by someone pretending to be someone you know or trust.

Passwords and Password Protection Standards

A poorly chosen password may result in the compromise of the network and the information stored on it.

Do not use the same passwords for non-work access, for example personal ISP accounts or personal e-mail.

Where possible, do not use the same password for various work access needs.

Do not share passwords with anyone

All passwords are to be treated as sensitive and confidential information.

You are responsible for the security of your passwords and accounts

Change passwords on a regular basis

PDA's and other hand held electronic devices

Any type of hand held electronic device that is used to store, transmit or create EPHI must be properly safeguarded to ensure the integrity of the data. Take steps to protect the device from theft or loss.