Physical and Electronic Security Policies
In my practice, I follow a number of security procedures designed to protect your Protected Health Information (PHI). They include, but are not limited to, the following precautions:
• My psychotherapy notes are kept in a locked filing cabinet, and only I have access to them.
• Access to my computer is password protected. Only I have the password, and there is no "guest" account login available. Similarly, client information stored on other media (e.g., my Palm and USB drive) is also password protected. In the event of a "computer crash," backups of the PHI I possess are stored off-site, with password protection maintained.
• My computers are protected by regularly updated virus scanners, and any "always on" Internet connection is protected by a firewall.
• Computer files that contain PHI are saved in an encrypted file format requiring a password.
• In the event I "upgrade" to a new computer and sell or otherwise stop using the older computer, all PHI on it is deleted, overwritten, and wiped.
• My billing company and I have a Business Associate Agreement stipulating that they must be HIPAA compliant and must have their own policies in place to maintain the security of PHI. They are also required to train their staff on these policies and to impose sanctions on employees who do not follow them.
If you have questions or concerns, please feel free to discuss them with me.