Every employee signs confidentiality agreement (NDA) with severe penalties for HIPAA violations.
Each user has unique login, power-on and screensaver passwords.
Access to applications/databases defined on 'need to know' and 'Minimum Necessary' basis and with respect to the job profile.
Physical restrictions for unauthorized persons to enter work area and network center.
Firewall protection for internal network from the World Wide Web.
Enterprise-wide multiple virus protection system
Encryption on web based applications (Based on clients requirement & technical facility).
Training for all staffs on HIPAA.
Staff doesn't share any of their passwords.
Staff doesn't discuss or disclose PHI unless it is necessary for operations or processing.
Even if discussed or disclosed staffs make sure it is to the " Minimum Necessity ".
Personal identifiers like Patient name, Name of facility, SSN etc are removed when the file containing PHI are sent back to client in case of any doubts or for any other purpose.
