As a Health Information Management Services Manager or HIPAA Security Officer, you are responsible for having policies and procedures in place regarding the security of protected information stored in the Electronic Health Record (EHR). These are essential to electronic health record integrity, confidentiality, and appropriate access. Mechanisms should be in place, including physical and personnel security measures, risk prevention, and monitoring of the EHR system’s security.
For this assignment, your goal is to design a policy and procedure for the security and monitoring of Protected Health Information (PHI) in your organization’s EHR. Use information from the readings to compose the policy and procedure (P&P). Click on the sample policy and procedure below for the formatting you should follow.
- Sample Policy and Procedure.
At a minimum, include the following categories:
- Safeguarding Access (physical and personnel security measures)
- Risk Assessment
- Monitoring (frequency and method of assessment)