Information security is very important. It is pertinent that not just health care providers but that all and sundry take protecting personal information seriously. Information is one thing that can be used by anyone against another individual and the public at large. If information that is not meant for public knowledge gets out to the public, the result could be quiet devastating. This is why the Health Insurance Portability and Accountability Act (HIPAA) and its privacy and security rules as well as other security laws emphasize the needs for health care providers to put measures in place that will allow them comply with the information security laws around them.
There are basic steps to be taken by a health care provider on how to get started on information security. As a health care provider you are expected to first ask your local Regional Extension Center (REC) where you can get help. You can also check the Office of the National Coordinator for Health Information Technology (ONC) Health IT Privacy and Security Resources web page. You will find more information and guidelines that will help you in your specific practice. Once you have made the necessary inquiries, you are to review the Office for Civil Rights (OCR) Security Rule Guidance Material for further information and also look at the OCR audit protocol. There you will also find specific information about getting started with information security that will guide you.
As a health care provider especially if you are a Covered Entity, you should inform your Electronic Health Record (HER) developer(s) that health information security is one of your major priorities in adopting an Electronic Health Record (HER).
Know that as a health care provider you are not the only CE, therefore it is also important that you check with your membership associations to find out if they have any training resource lists or suggestions. Find out if your local community college offers any applicable training that you might be interested in. The next thing is to work with your practice staff, and other partners you have. Find out how they can help you carry out your HIPAA Rules responsibilities.