Resource Overview
  • Rationale
  • Challenges
  • Approach
Small to medium provider organizations such as community health centers, rural clinics, and critical access hospitals work to provide the highest quality health services with limited resources. Because they operate with a smaller staff than larger health systems, many employees take on tasks outside their job description. Provision of information technology (IT) services is often a task non-experts at these smaller operations must take on to achieve organizational objectives. The impact of this was never more apparent than when the Health Information Technology for Economic and Clinical Health Act’s Meaningful Use policies required objective measures for ensuring the safety of electronic Protected Health Information (ePHI) as dictated by the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA compliance requires that providers be prepared to handle ePHI properly and follow the requirements in the HIPAA Privacy, Security, and Breach Notification Rules. If a problem surfaces, an enforcement action can result—including million-dollar financial settlements, and Corrective Action Plans that can take years to complete and can cost many times the monetary settlements. In order to comply with the HIPAA Security Rule, providers need to maintain an ongoing security program. Beyond HIPAA policies there are modern technological concerns such as "ransomware" that requires further diligence and expertise from health center IT management and staff.
Maintaining a secure and yet, responsive clinical health IT system and conducting policy related objectives such as the security risk analysis (SRA) requirements in accordance with HIPAA policy are extremely complex tasks. The difficulties experienced by small to medium provider organizations in accomplishing these goals are comprehensive. The resource sets provided here include boiled down guidance and toolkits for common health IT privacy and security needs.


This resource collection was cultivated and developed by the HITEQ team with valuable suggestions and contributions from HITEQ Project collaborators.

Looking for something different or have something you think could assist?

HITEQ works to provide top quality resources, but know your needs can be specific. If you are just not finding the right resource or have a highly explicit need then please use the Request a Resource button below so that we can try to better understand your requirements.

If on the other hand you know of a great resource already or have one that you have developed then please get in touch with us by clicking on the Share a Resource button below. We are always on the hunt for tools that can better server Health Centers.

Request a Resource  Share a Resource
Highlighted Resources & Events
Need Assistance?
Would you like more assistance regarding Privacy & Security strategies or support in using any of the include resource sets?

  Request Support


The Quadruple Aim
Quadruple Aim

A Conceptual Framework

Improving the U.S. health care system requires four aims: improving the experience of care, improving the health of populations, reducing per capita costs and improving care team well-being. HITEQ Center resources seek to provide content and direction aligned with the goals of the Quadruple Aim

Learn More >

Quick Feedback Request