To meet HIPAA regulations with your SAM you must:
- Restrict Access to Medical Data : Permissions
- Track Access to Medical Data : Modification History and Activity Tracking
Restrict Access to Medical Data : Permissions
Under Families and Children there are Permission Types for Medical Info that control whether users can access the data stored in the "Medical Info" tables and the tables under them. Make sure that only users who must have access to Medical Information have this permission type checked.
Track Access to Medical Data : Modification History and Activity Tracking
To track who has accessed medical data, you can use the "Activity Tracking | Medical Information Access Report". It is just like the regular Activity Tracking report, except that it is filtered on "Page Contains Medical Info", which is a special flag on forms and reports that contain any fields from the Medical Info tables. This report is available in systems without the Activity Tracking module.
Additional Considerations outside of your SAM
- Written Consent to share client's Medical Data outside of your Organization (Upload Document into Client's Record)
- Shred any printouts, even if they don't have any medical information on them, as a "Best Practice"