HIPAA Security requires medical practices to put reasonable measures in place to protect electronic patient information from internal and external security threats.
Physicians must document the steps they are taking to ensure best-practice security measures. Without documented efforts, physicians are liable for damages in the event of a security breach. Fortunately, the steps that you must take are scalable to the size of your practice.