Technical Safeguards

Addressable Standard

Minimum Necessary

Required Standard

Facilitating the auditing process of EHR systems.

Tracking breaches in the security of facility EHRs.

Determining if passwords were being routinely changed within institutions.

Ensuring that covered entities assess their compliance with the HIPAA Security Rule.

Use a personal computer to store patient information.

Log off the EHR system when not in use.

Communicate patient PHI via personal email.

Use the provider's EHR login information when recording data.

User Activity Feed

Reports

Messages

Patient Tracker

"Disabling automatic EHR system logoff enhances efficiency and security."

"Demographic information is not considered part of a patient's EHR."

"We are authorized to share EHR system passwords when necessary."

"Biometric measurements are acceptable for individual identification for EHR system access."

Using initials when referring to a patient.

Sending an unencrypted email to a pharmacy.

Supplying a patient's room number to the provider.

De-identifying patient data sent to a research company.