HIPAA’s Top Ten Recommendations

Basic recommendations for those who want to comply with HIPAA.

1. Assign someone the responsibilities of the Privacy Officer.

  • Ideally a Privacy Officer should be a medical records specialist or paralegal.

2. Assign someone the responsibilities of the Security Officer.

  • Ideally a Security Officer should be an IT expert.

3. Develop Policies and Procedures for the Organization.

4. Update Policies and Procedures as needed.

5. Implement Policies and Procedures.

6. Train staff on HIPAA Policies and Procedures.

7. Place the server in a secured facility, or sublease space for operations on a server located within a secured facility.

8. If buying an EMR, consider an Internet-based system with encryption at the transaction level.

9. If buying an EMR, look for software that can be customized to your operations.

10. Get a document management system with secured capabilities and controlled access.