• Patient charts and information are protected under HIPAA regulations.Hospital Files image by PinkSony from Fotolia.com
  
  The Healthcare Information Portability and Accountability Act (HIPAA) of 1996 ensures that regulations are created and maintained for the privacy and security of an individual's electronic health information. The United States Department of Health and Human Services is responsible for creating these regulations. The security rule requires appropriate procedures to ensure confidentiality and security of protected electronic personal health information.
  
  

Administrative Safeguards

• According to the U.S. Department of Health and Human Services, administrative safeguards include assigning a security official, limiting access of protected health information, training employees and evaluating the effectiveness of methods with respect to a person's medical records and information.
  
  The security official implements policies and procedures, trains employees and creates sanctions for security violators. Access to protected health information is allowed only when necessary to complete a job function. Employees are trained the proper way to handle electronic health records.
  
  

Physical Safeguards

• Certain physical safeguards are taken in order to ensure that protected health information is kept private. Electronic devices or media workstations are secured when not in use but enabled for access when appropriate. Workstations are located where visibility to other staff or persons is limited.
  
  Policies and procedures, such as having the protected individual sign an authorization form for transfer, removal, disposal or re-use of health information, ensures privacy is upheld.
  
  

Technical Safeguards

• Technical safeguards include controlling and monitoring access to protected health information. Password protecting and timed-out auto logging off workstations protects electronic health information from being accessed inappropriately. Software that records all actions taken or viewing of specific records are used to monitor access. Limiting the number of password attempts ensures the unauthorized access is not granted to protected health information.