Enlist Professional Help – Someone who understands HIPAA/HITECH for legal review and advice.
Employers with hazardous chemicals in the workplace must develop and implement a written hazard communication program and train employees on the hazards they are exposed to and proper precautions (and a copy of safety data sheets must be readily available). See the OSHA page on Hazard Communication.
Conduct an annual risk assessment of systems and processes for handling/disposal of PHI (Protected Health Information).
Conduct frequent testing and vulnerability scans on systems and computers.
Make sure frequent penetration testing is completed and documented, and that proper corrective actions are taken.
Educate employees about HIPAA requirements and the importance of protecting the information.
Encrypt all laptops, including your personal one, in case a staff member emails you or you access something from home. Remember that PHI includes name, address, date of birth, and Social Security number.