Maintenance of EHR Systems
What basic security steps do I need to take to keep my electronic health records (EHR) safe?
Many of the basic privacy and security practices you have in place to protect your paper patient records also apply to electronic records. That said, there are important aspects of EHR security that you should keep in mind:
- Purchase a system that is certified by the Certification Commission for Healthcare Information Technology (CCHIT). CCHIT includes security, privacy and compliance aspects of an EHR system in the certification process. A list is available at www.cchit.org.
- Provide solid staff training and policies on what can be disclosed under what circumstances. You'll want to add policies on appropriate use of the electronic system, including e-mail, electronic messaging and the internet. If you allow sending patient data by e-mail, be sure you have e-mail encryption in place.
- A computer system identifies each individual by user login information in order to track who looked at or changed an Electronic Health Record (EHR), so each person in your practice must have a unique user ID and password for the computer. Any sharing of user names and passwords should be strictly prohibited.
- Provide physical security for your EHR data just as you would for your paper patient records.
- Data needs to be backed up and saved daily so it can be recovered if the system crashes. Back-up media can be any media that can be removed from the practice premises, like tapes or CDs. You will want a set of your back-up media stored offsite in case of a fire. There are professional off-site storage services available; some people use a safe deposit box at a local bank. If someone at the practice takes the back-up media home to provide offsite storage, remember that this media contains confidential patient data, so it needs to be secured against theft or loss.
A free privacy and security toolkit is available from the Agency for Healthcare Research & Quality (AHRQ). Visit: www.healthit.ahrq.gov.
For additional details, visit:
www.cms.hhs.gov/EducationMaterials/Downloads/SecurityStandardsTechnicalSafeguards.pdf
(See pages 3-11)
www.cms.hhs.gov/EducationMaterials/Downloads/SecurityStandardsAdministrativeSafeguards.pdf
(See pages 6-19)


