
Small-practice requirements



Q: I'm an FP in a three-person practice. Under the security rule, must I implement the same safeguards as a larger practice?

A: No. The security rule allows for "scalability," which, in simple terms, means that one size doesn't fit all. After all, entities affected by the rule range from small practices like yours, with rudimentary technology, limited resources, and low risk exposure, to large private and university health systems, with quite developed information technology, broad resources, and very high risk exposure. Given this range, the government allows flexibility in the security rule, depending on specific circumstances.

Consider, for example, one of the data security standards. It requires not only that you back up data, but also that you store this backed-up data in a secure location, with controlled access. A large provider (a hospital system, say) may achieve compliance by storing its backed-up information off site, in a secure computer facility. A smaller practice like yours, however, may simply need to back up data on CDs or other media and store these in a locked closet or room, preferably off site.
