All covered entities must protect the information by:
Implementing safeguards to protect information. For example, password-protecting the computer systems in clinics to ensure others cannot access patient health or private information.
Ensuring there is minimal use and disclosure of information. For example, if an authorized family member requests additional information about a medication prescribed to a patient, it is not necessary to disclose the patient’s full medical history to the family member.
Training employees on proper protocols to protect health information.
Limiting who can view the health information. This means that employees who do not come in contact with patients do not need access to patients’ full medical and financial history.
Obtaining written permission from the consumer before giving out any information. This is crucial, and all covered entities must abide by this rule.