Find a health care provider that uses this method.
State-level regulations can be different. Some states might require extra steps, such as encryption for PHI on electronic devices. Other states may also mandate certain levels of user authentication. Aside from these legal requirements IT systems should follow best industry practices like regularly testing security measures, and using two-factor authentication where possible.
Last but not least, IT systems must consider any local laws that may affect their security of patient data. Some cities might have privacy ordinances that they must follow. This is particularly important if there is sensitive data being transferred across national borders. Many countries also have different regulations about data protection. Healthcare institutions must keep up to date with changes in data protection law in order to ensure compliance.