Having a plan going forward

Not one fancy (and secure) bell or whistle will matter if you don’t have a plan for addressing future security needs and HIPAA requirements changes. Many of your EHR’s security and privacy features are automatic, but that doesn’t mean they’re entirely intuitive.

You have the technology and processes covered, but don’t forget the people who will use those security features. Provide staff ongoing training on privacy rules, legislation, and any security features you add to the EHR. Couple that with your plans to update and upgrade EHR security features to meet HIPAA and HITECH standards, and you have a winning formula for securing your patients’ PHI.

Handle with care: Who needs extra EHR security?

Some highly sensitive data warrants enhanced security measures, so keep these categories in mind while you work with your vendor rep to set up your new EHR security features and train your staff:

Patient Type and Identity: Your system must be able to authenticate (from inside and outside your office) patient identity and link the patient to the correct records. The PHI record of Mary Jones from Champaign, IL will be very different than Mary Jones from Urbana, IL, so your system must include unique benchmarks that identify both.

Diagnosis or Condition: Your system should offer safeguards for especially sensitive diagnoses or conditions. Some examples include mental health, sexually transmitted disease, substance abuse, or chemical dependency.

Procedure and Testing: ...

Get Electronic Health Records For Dummies now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial