If you are a provider you should be familiar with your responsibility as it applies to safe guarding electronic protected health information (e-PHI). Though not all encompassing here are a few things you should know:
The Security Rule requires that providers maintain a reasonable and appropriate administrative, technical, and physical safeguards for protecting PHI while at rest or while in transit electronically.
More specifically you must:
- Ensure CIA is maintained
- ID and protect against any anticipated security threats that would put PHI at risk
- ID and protect against any violations of use or disclosure of PHI
- Ensure your employees adhere to policies and compliance rules that govern the handling of PHI
And this is an ongoing process that must be assessed, audited, and updated regularly in order to show movement towards compliance. Either adapt or face the consequences by the federal government. For more specific info see hhs.gov