Keep your information secure

Harry Rhodes, MBA, RRA, professional practice manager for the American Health Information Management Association in Chicago, and Jayne Lawson, information security officer at Hartford (CT) Hospital, offer these five tips for getting your information security on track to comply with the new legislation:

- Develop hospitalwide awareness of information security. Make sure everyone from the janitor to the CEO knows they are responsible for keeping patient information confidential.

- Develop written confidentiality policies and review them periodically with your staff.

- Designate a security/confidentiality officer and/or assign a multidisciplinary team to make sure the issue is addressed on an ongoing basis.

- Build audit trails and other security steps into the system. It’s easier if you start out with encryption and other techniques at the beginning. If you add them later, users will balk at the extra trouble.

- Have all staff members sign confidentiality agreements.