Contact a physician’s office or clinic and ask if the organization has a security plan. Discuss the process that staff members undertook to complete the plan, or develop an outline of a plan for them.
Contact a health care provider to talk with the person responsible for maintaining the legal health record. Ask about the organization’s release of information, retention, and destruction policies. Do they comply with the requirements of HIPAA? Explain why or why not.