Being HIPAA compliant is not very difficult, but there are several things you need to know. First and foremost, you need a secure server to store and serve records and data. Not just any old desktop computer in the office will do. The server needs a supported, regularly patched server operating system, and the server software on it must be configured securely.
Next, each user should be given access only to the files they need for their job. For example, if someone only needs to work with Microsoft Word documents, those are the only files they can open and edit; every other file is locked down so they cannot reach it.
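A quick way to check that rule on a Linux or Unix file server is to look for records files that carry "world" permission bits, since those are readable by every account on the machine regardless of who needs them. The script below is an added example and not part of the original article: it builds a small constructed records tree in a temporary directory, lists the over-exposed files, strips the world bits so only the owner and the owning group keep access, and audits again. The directory names and file modes are made up for the demonstration; group membership itself is assigned outside this script.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path

# "Other" bits: permission granted to every account that is neither the
# owner nor in the owning group. Any of these on a records file means the
# file is not restricted to the people who need it.
WORLD_BITS = stat.S_IRWXO


def find_overexposed(root):
    """Return the sorted paths (relative to root) of files that any
    account on the machine can read, write or execute."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if path.is_file() and path.stat().st_mode & WORLD_BITS:
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def lock_down(root):
    """Strip the world bits from every file and directory under root,
    leaving owner and group permissions untouched. Returns the number
    of entries changed."""
    changed = 0
    for path in Path(root).rglob("*"):
        mode = path.stat().st_mode
        if mode & WORLD_BITS:
            os.chmod(path, stat.S_IMODE(mode) & ~WORLD_BITS)
            changed += 1
    return changed


def demo():
    """Constructed example tree (hypothetical names and modes): audit it,
    lock it down, audit again.
    Returns (findings_before, entries_changed, findings_after)."""
    root = tempfile.mkdtemp(prefix="records-")
    try:
        layout = {
            "records/patient1.doc": 0o644,   # world-readable: wrong
            "records/notes.txt": 0o640,      # owner + group only: fine
            "billing/invoice.csv": 0o666,    # world-writable: worse
        }
        for rel, mode in layout.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("constructed sample content\n")
            os.chmod(path, mode)
        # Directories already restricted to owner + group, so only the two
        # bad files should need fixing.
        for directory in ("records", "billing"):
            os.chmod(Path(root, directory), 0o750)
        before = find_overexposed(root)
        changed = lock_down(root)
        after = find_overexposed(root)
        return before, changed, after
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    found, fixed, remaining = demo()
    print("over-exposed before:", found)
    print("entries changed:", fixed)
    print("over-exposed after:", remaining)
```

Run it against the real records share by calling `find_overexposed("/srv/records")` first and only calling `lock_down` once you have confirmed the owning group of each directory is the group that is supposed to have access; otherwise you lock out the right people along with the wrong ones.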
Next, the server cannot sit out in the open office. It must be in a locked room (or a locked cabinet) to which only the system administrators have a key.
When backing up data, the backup is not allowed to stay on site. Either back up to a remote location through a VPN (Virtual Private Network), or make the backup locally on removable media (such as an external hard drive) and take that media off site. Removable backup media should be encrypted: a lost or stolen drive full of patient records is a breach, an encrypted one is not.
Because the operator (technician) has access to protected health information, he or she must sign an agreement with the physician / owner of the company stating that he or she will respect the privacy of patients and their personal information and will not access their files without a legitimate reason. Basically, the technician may access those files only when necessary, and may not copy or reproduce them.
Are you planning on having all computers connected wirelessly? There is nothing wrong with that, but certain security measures must be taken. The wireless connection must be secured, of course. But did you know that a WEP-secured connection can be cracked in less than three minutes? Use WPA encryption instead, and on any current equipment that means WPA2 (with the AES/CCMP cipher, not TKIP). It is also common advice to remove the SSID from the broadcast, which turns it into a hidden network; that is harmless, but do not count it as a security measure, because the SSID is still sent in the clear every time a client connects and anyone with a wireless sniffer will see it. The encryption is what protects you.
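The check that follows from this is simple: scan the office and make sure nothing is still running WEP, open, or WPA1. The script below is an added example, not code from the original article. It assumes the terse output format of `nmcli -t -f SSID,SECURITY dev wifi list` (one network per line, fields separated by `:`, an empty SSID for a hidden network, an empty SECURITY field for an open network, and the `WEP` / `WPA1` / `WPA2` / `802.1X` tokens nmcli uses); the scan text embedded in it is constructed for the demonstration, so the network names are hypothetical.

```python
# Constructed sample of what `nmcli -t -f SSID,SECURITY dev wifi list` prints
# (assumed format: terse mode, fields separated by ':'; an empty SSID is a
# hidden network, an empty SECURITY field is an open network).
SAMPLE_SCAN = """\
FrontDesk:WPA2
OldRouter:WEP
Guest-Open:
Lab-Legacy:WPA1 WPA2
:WPA2
Clinic-5G:WPA2 802.1X
"""


def parse_scan(text):
    """Split terse nmcli output into (ssid, security) pairs. SECURITY is the
    last field and never contains ':', so splitting from the right keeps any
    ':' that appears inside an SSID intact."""
    pairs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ssid, _, security = line.rpartition(":")
        pairs.append((ssid, security.strip()))
    return pairs


def assess(security):
    """Return 'ok' if the network meets a WPA2-only policy, otherwise the
    reason it fails. Token names are the ones nmcli is assumed to print."""
    protocols = set(security.split())
    if not protocols or protocols == {"--"}:      # "--" is the tabular-mode marker
        return "open: traffic is not encrypted at all"
    if "WEP" in protocols:
        return "WEP: crackable in minutes, move to WPA2"
    if "WPA1" in protocols:
        return "WPA1 still enabled: allows the weaker TKIP cipher, make it WPA2-only"
    return "ok"


def audit(text):
    """Audit every network in a scan. Hidden networks are reported as
    '<hidden>': not broadcasting the name changes nothing about the
    verdict, which depends only on the encryption in use."""
    return [(ssid or "<hidden>", assess(security))
            for ssid, security in parse_scan(text)]


def weak_networks(text):
    """Names of the networks that fail the policy, sorted for reporting."""
    return sorted(name for name, verdict in audit(text) if verdict != "ok")


if __name__ == "__main__":
    # On a real machine: subprocess.run(["nmcli", "-t", "-f", "SSID,SECURITY",
    # "dev", "wifi", "list"], capture_output=True, text=True).stdout
    for name, verdict in audit(SAMPLE_SCAN):
        print(f"{name:12s} {verdict}")
```

The scan also shows neighbouring networks you do not own, so treat the list as a prompt to confirm which access points are yours before you start reconfiguring anything; the one that matters is the office's own, and it should come back as `ok`.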
Always make sure that the IT staff are up to date on the requirements of HIPAA. Your career is counting on you to follow the law!