Securing medical records is a broad topic that every practice should address in detail. There are multiple items to consider when meeting standards to best safeguard protected health information (PHI).

The primary requirements for safeguarding PHI include:

  • Reasonable safeguards must be implemented to protect patients' health information. These primarily include Administrative Safeguards, Technical Safeguards and Physical Safeguards.

  • Providers must have policies and procedures in place that reasonably limit use of and access to PHI, based upon minimum necessary standards. This means that access to protected information must be allowed only to the level that is necessary to complete required duties.

  • Appropriate Business Associate Agreements must be in place, identifying access authorization details.

  • Appropriate workforce agreements must be in place clarifying access and use authorizations for PHI.

  • Policies and Procedures must be well defined and in place to provide structure and guidance to the facility workforce. This is needed to both establish and maintain necessary and required security standards.