Security risk analysis

October 8, 2004

What steps should I take first in implementing the HIPAA security rule?

Q:What steps should I take first in implementing the HIPAA security rule?

A: Start with a risk analysis, pinpointing risks to your office's protected health information that's in electronic form. Consider all those problems that might occur if the appropriate security measures weren't in place. For example, you'd risk unauthorized use and disclosure of protected health information if your practice didn't control access to computer terminals through passwords and other procedures.