Administrative

• Verify identity of person picking up health records.
• Verify identity of person on telephone.
• Report suspected breach in confidentiality.
• Ask all patients to read and sign notice of privacy practices (NPP).

Technical

• Require a unique password and user name for each staff member accessing medical records.
• Use and regularly update firewall protection to prevent “hacking.”
• Delete user names and passwords of employees who leave the practice.
• Utilize tracking software to monitor employees’ activities in the system.
• Require that staff members log off when away from computer.

Physical

• Store patient files away from patient-accessible areas.
• Lock file cabinets.
• File medical records before cleaning staff come in at the end of each day.
• Do not post provider schedules with patients’ names in areas where other patients can see.
• Sign-in sheets in the waiting room are okay; instruct patients to use first name and last initial only.