By Sheryl J. Cherico, CEO Tier3MD

Below are 5 steps to HIPAA compliancy that every practice manager should know. At Tier3MD, we hope to provide education to practice managers, physicians and staff. We know how important this is, and hope that you enjoy our 5 steps to HIPAA compliancy.

Tip #1 – Designate someone in your office as the Chief Security Officer. Under the HIPAA laws, this is required. They could have other jobs in your practice, but you need to have someone who can oversee all ongoing activities related to the development, implementation and maintenance of the HIPAA laws.

Tip #2 – Perform a security risk assessment, and use it as the basis for where you are, and where you need to be. An assessment will also give you a good idea of the security of your network.

Tip #3 – Prepare your policies and procedures. If you do have a breach, one of the first things you will be asked is “What is your policy?” You should have a full HIPAA policy and procedure manual that you update on a regular basis.

Tip #4 – Prepare your Disaster Recovery Document – This is a great exercise in “getting all your ducks in a row.” You will want to document your procedures from beginning to end, and store the document in a safe place. Make sure you include your plans to recover your data, and how you will continue to see patients.

Tip #5 – Continually Train your Employees – Good practice would be to have a constant, ongoing employee training program. An untrained employee could be very detrimental to your practice. Policies won’t do you any good if the employees are unaware of them. It is good practice to train employees upon hiring, and to train the full staff every 6 months.


Tier3MD is a leader in promoting education to medical practices. Our lunch and learns are informative and enjoyable. For more information, contact Tier3MD if you would like to join in.