Gauge how secure your medical practice is
The HIPAA Security Policy of 1996 was a far-reaching and comprehensive policy document designed to enhance the security of medical practices across the country. Due to the sensitive nature of medical records, it is important for every medical practice to follow these guidelines.
Patients entrust your practice with their personal information and fully disclose their medical conditions, behaviors and other intimate details. Fines can be levied on a practice that breaches HIPAA privacy guidelines and causes patient data to be leaked to unauthorized persons.
It is this trust that makes it unequivocally clear that patient records must be secured. Therefore, it is critical that the first line of users, your staff, lead the charge in ensuring your practice's security is adequate. To help you understand the importance of getting your staff on board, here are some responsibilities they must take up to play their part:
Software Bugs
As everyday users of all practice software, staff members are best placed to identify any software malfunctions before the IT or other support department picks them up. For these bugs to be successfully identified, reported, and tracked, employees must be educated to do so. It may not seem important, but every big problem starts as a small one that goes unaddressed.
Unauthorized Access
Every employee has a certain level of access to the software systems used in the practice. To safeguard restricted information, employees should not share login credentials, should never leave their computers signed in, and should always report unauthorized access immediately.
Modifying Data, Systems, and Software
Tech-savvy employees may sometimes be tempted to “troubleshoot” problems with the system in a good-faith attempt to fix a certain problem, but this should be discouraged. Any modifications, updates, or changes to the system that go beyond the necessary information input of daily activities could lead to greater problems. If something isn’t working well, the solution should be up to the appropriate IT or support person.
Internet Access
While it may be permissible to use the practice Internet resources for some personal use, staff members should avoid randomly browsing and downloading files to practice computers. This is how most computers become infected with viruses. Employees and staff must be informed that caution must be exercised when visiting websites unrelated to work.
BYOD (Bring Your Own Device)
In the age of smart devices we live in, it is a good idea to create and enforce a Bring-Your-Own-Device policy that outlines the parameters for using personal devices to access practice information. Examples of rules in such a policy would be: “Do not access the practice intranet while on a public Wi-Fi signal” or “Do not use devices you share with others (such as a family computer or iPad) to access practice systems”.
These are some simple ways your employees can help your practice meet HIPAA information security guidelines and successfully attest to meaningful use.