The javascript used on this site for creative design effects is not supported by your browser. Please note that this will not affect access to the content on this web site.
Skip Navigation
H H S Department of Health and Human Services
U.S. Department of Health and Human Services
Health Information Technology and Quality

A-Z Index  |  Questions?  |  Order Publications  |  HRSA Mobile

How can we leverage our relationship with other health care organizations to better manage the security of our EHR data?

Larger organizations often have IT and security knowledge and resources beyond the capability of smaller clinics and physician practices. It is often possible to tie into these resources to improve security practices.

  1. Share security expertise. Get acquainted with the IT and security staff at other organizations, especially those with whom you share or refer patients.  Knowledgeable individuals are usually willing to share information just for asking.
  2. Share computing resources. Investigate opportunities to share, lease, or collate equipment in the hospital's data center. Many hospitals maintain secure data centers with redundant power, environmental protection and physical access control. A data center is a fixed cost, that if underutilized is not a productive resource.  Cooperative networking or data location arrangements can lower operating costs for both parties.
  3. Communicate and negotiate common security solutions. Certain types of security solutions, especially those directly associated with data transmission are more effective if there is a common agreement between the sender and receiver. Whenever feasible, inquire what types of solutions are used by your primary practice partners and determine how you might implement a compatible approach.
  4. Beware of Stark Rules. The Stark statute generally limits the extent of assistance hospitals may contribute to practice partners. There is an exception for hospitals that wish to provide the EHR system to physicians but this does not cover other types of assistance. The rules are complex and require careful reading to understand their full applicability.


  • Stopping Traffic? go to exit disclaimer (2008) -- an article from For the Record magazine that provides information about taking advantage of the Stark exemption that allows hospitals to subsidize a portion of an affiliated physicians' EHR cost.
  • The Truth About Stark go to exit disclaimer (2003) -- article by the American Association of Family Practitioners which gives an overview of the Stark law, who is covered, and permissible exceptions
Developed by the Health Resources and Services Administration as a resource for health centers and other safety net and ambulatory care providers who are seeking to implement health IT.
Health Information Technology Toolboxes help health centers, safety net providers, and ambulatory care providers with electronic and online resources and technical assistance to improve patient care.  More>
Stay Informed