General discussion


HIPAA for small doctor's office

By jgryck ·
Can anyone tell me where we can find a list of what we would need to do to help a small doctor's office with 3 to 4 PCs become HIPAA compliant?
I have been looking, but everything I see has to do with training and administration.
What has to be done to the network and the data that they keep in house?


by ArmyLanMan In reply to Hipaa for small doctors o ...

Very simple. If it leaves your building, it needs to be in a secure package.

That means if you transmit patient info to any remote site outside your building you need to have a secure means of transmission. That could be using SSH or SSL connections or utilizing a VPN/IPSEC solution. Internal network connections are treated as being part of your enterprise and the thought is that within your building you can control physical access to your network and guarantee that no one is eavesdropping on your network. You'll also have to beef up your desktop security so that someone cannot just walk up to a machine and view patient information. Usually just setting the screen saver to one minute with a password will suffice to lock out casual observers. You may also want to show your staff how to lock the screen when they step away.
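An added example, not code from the thread: a PowerShell snippet that audits the per-user screen-saver lock settings this reply describes (screen saver on, password required on resume, one-minute idle timeout) and sets them when they are out of line. The registry value names under `HKCU:\Control Panel\Desktop` are Windows' standard ones; the 60-second limit and the `Get-ScreenLockStatus` / `Set-ScreenLock` function names are assumptions taken from the reply, not from the regulation.

```powershell
# Audit and enforce the workstation screen-lock settings recommended above.
# Assumption: the 60-second threshold follows the reply; HIPAA itself sets no number.
$DesktopKey        = 'HKCU:\Control Panel\Desktop'
$MaxTimeoutSeconds = 60

function Get-ScreenLockStatus {
    $p = Get-ItemProperty -Path $DesktopKey -ErrorAction SilentlyContinue
    # These values are REG_SZ strings; a missing value means "not configured".
    $active  = if ($p.ScreenSaveActive)    { [int]$p.ScreenSaveActive }    else { 0 }
    $secure  = if ($p.ScreenSaverIsSecure) { [int]$p.ScreenSaverIsSecure } else { 0 }
    $timeout = if ($p.ScreenSaveTimeOut)   { [int]$p.ScreenSaveTimeOut }   else { 0 }
    [pscustomobject]@{
        Active    = ($active -eq 1)
        Secure    = ($secure -eq 1)
        Timeout   = $timeout
        Compliant = ($active -eq 1 -and $secure -eq 1 -and
                     $timeout -gt 0 -and $timeout -le $MaxTimeoutSeconds)
    }
}

function Set-ScreenLock {
    # Screen saver on, password on resume, idle timeout in seconds (stored as strings).
    Set-ItemProperty -Path $DesktopKey -Name ScreenSaveActive    -Value '1'
    Set-ItemProperty -Path $DesktopKey -Name ScreenSaverIsSecure -Value '1'
    Set-ItemProperty -Path $DesktopKey -Name ScreenSaveTimeOut   -Value "$MaxTimeoutSeconds"
    # The new values are picked up at the user's next logon.
}

$status = Get-ScreenLockStatus
$status | Format-List
if (-not $status.Compliant) {
    Set-ScreenLock
    Write-Output 'Screen-lock settings were out of policy and have been corrected.'
}
```

On a domain-joined PC, values under `HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop` set by Group Policy take precedence, so check that key too before trusting the audit result.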



by NetTek In reply to Hipaa for small doctors o ...

The final security regulations, while tough reading, can be deciphered.

You can solve 80% of your problems by simply creating low-cost solutions: create policies and procedures, and conduct training. For example, I was alone in a room at my doc's office the other day waiting to have bloodwork. Sitting on the computer screen was information about another patient. Big HIPAA no-no. Training employees to log off computers or lock their workstations (Windows XP/2000/NT) would solve that issue.

Conduct a risk analysis of your weaknesses. Then develop a plan to become compliant. Then, if there is ever an issue, you can say, "This is what we used to be like, this is how we are now, this is what we plan to do in the future." You must be showing a "good faith" effort that you are attempting to comply. You are not being asked to remedy all issues overnight.


by flan In reply to Hipaa for small doctors o ...

As long as patient data is not transmitted outside of the site, everyone has their own password, sharing is not allowed, and patients do not have access to PCs...
