Question: What are the basics I can do to prevent HIPAA breaches in my practice? South Carolina Subscriber Answer: The No. 1 thing you can do to prevent Health Insurance Portability and Accountability Act (HIPAA) breaches is to encrypt your data. But other important aspects of data protection include securing your physical devices and knowing how and where your health information technology (HIT) is stored, secured, and accessed - and by whom. Encryption: Facilities and practices that don't encrypt their electronic protected health information (ePHI) are providing easy access to data thieves, and easy avenues for breaches. When evaluating the security of your patients' data, figure out a plan to protect data if devices go missing; make sure everyone in your practice is utilizing multifactor authentication and at-rest protocols for all of your devices; and that your data is encrypted and decrypted properly, through means that satisfy HIPAA Security Rule standards. Physical safeguards: Make sure your practice has an inventory of all devices used to store or access ePHI and that the list is always up to date. Beyond knowing and tracking the devices, your facility should be protected with security, such as cameras and an alarm system, to minimize the risk of physical intrusion. Top tip: Make sure you also keep an up-to-date list of which employees, IT consultants, vendors, etc. can access any patient data. HIT movement: Along with encryption and awareness of the location and security of your physical devices, make sure you know how and where your data is moving, in terms of the physical device. Follow these helpful steps toward information safety and compliance: designate one person as being in charge of evaluating your practice's risk management and HIPAA compliance; make sure your security protocols are in line with your practice's needs; and make sure everyone on your staff knows who to turn to for compliance and health IT information. "As devices get smaller and more portable, the potential for lost or stolen or misplaced data increases - and so does the risk for a breach," warns Peter Arbuthnot, regulatory analyst with American HealthTech in Jacksonville, Mississippi. That's why it's essential to clearly state who's in charge of the maintenance, care, and updates of practice technology." Resource: For a closer look at the HIPAA Security rule, visit www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html.