1. HealthIT.gov >
  2. For Providers & Professionals >
  3. Frequently Asked Questions

Answer to Your Question

No one in my office has a background in privacy and security and many of my employees consider the requirements to be difficult to meet and an obstacle to treating patients. How can I change the culture of my practice to one that appreciates and protects

Changing the privacy and security culture of a practice is often one of the most difficult aspects of reducing risk and becoming Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliant. Making sure that patient privacy is put before employee convenience take dedication and effort. However, there are many low-cost, high impact changes that can markedly reduce risk.The National Learning Consortium (NLC) Security Risk Assessment tool can be used as a starting point for identifying cyber security risks for an organization.

In addition, your local Regional Extension Center (REC) can help make this transition easier by providing additional resources and technical support that will assist you in changing your privacy and security practices and culture. Find an REC near you.

Health Information Privacy and Security

What federal rules do I need to follow to keep my patient records private and secure?
To ensure that your patient’s health and medical information and records are private and protected, a federal law, called the Health Insurance Portability and Accountability Act of 1996 (...
Do I need to obtain consent from my patients to implement a patient portal?
No. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) permits the disclosure of health information to the patient without requiring the patient's express consent. Additionally,...
Where can I find more information about complying with the Health Insurance Portability and Accountability Act (HIPAA) while implementing an EHR system?
There are many online resources where providers can find information on HIPAA. The Department of Health and Human Services Office for Civil Rights (OCR) is tasked with administering HIPAA, and their...