How to Secure a Site for HIPAA

The Health Insurance Portability and Accountability Act, also known as HIPAA, holds health care industry professionals and facilities to a standard designed to protect patient privacy and prevent sensitive medical information from being shared inappropriately. To ensure that a workplace conforms with HIPAA, an organization should always be mindful of the Act's purpose of ensuring patient privacy. Securing a website to meet HIPAA requirements includes securing medical files.

Things You'll Need

  • Computer network with password technology
  • Antivirus software
  • Locking file cabinets and drawers

Instructions

  1. Set up the software that stores protected health information to require a password for access, then assign passwords only to employees who should have access to the software and the protected information. Passwords should be cryptic and, to avoid being shared with unauthorized persons, should never be written down.

  2. Make it standard procedure to store hard copies of protected health information in locked file cabinets.

  3. Train employees on how to conduct themselves around each other and third parties as it relates to protected health information. This training should fully explain the term "protected health information" and provide a detailed summary of privacy practices for the organization. Employees should understand that it is a violation to discuss any patient's protected health information verbally or in writing unless doing so is part of that employee's job duties.

  4. Refrain from keeping confidential information on portable devices such as floppy disks, universal serial bus flash drives or other handheld devices.

  5. Destroy protected health information that is no longer needed.

  6. Install antivirus software to prevent protected health information from being disseminated as a result of external forces invading the computer system.

  7. Implement a standard procedure under which employees report any breaches of confidentiality. Provide a contact number for employees to use in the event that a breach occurs.
