Selecting and Adopting a Health Information System 2Part 1: Privacy and security laws/regulations, adult education strategies, and training methodsElectronic Health Records (EHR) are important to the efficiency and quality care of patients. With the advancement and use of EHRs, Health Information Management (HIM) also becomes an important factor. They are very involved with strengthening privacy and security requirements for accessing personal health information (PHI). Even through their enforcement ofregulations and laws, there are still issues related to adult education of privacy and security regulations. Leadership is an important aspect in addressing any issues. Having a person in that leadership position to help stress the importance of protecting patient information is a vital measure in any organizations privacy and protection activities. [Hea05].To combat the problem of leadership designation of Security Officers is the key. These officers will be responsible for promoting a culture of protecting patient privacy and securing patient information. Another educational challenge in this sector is documentation. Documentation of risk analysis, HIPAA related policies, and reports are a requirement under the HIPAA Security Rules. Furthermore, documentation is a learning tool to show how the company did in they risk analysis and implantation of safeguards to address identified risk. The solution is to make sure that staff can reference the master file for security findings, decisions, and actions. This is easier than reconstruction and more accurate should auditing for compliance occur.[Hea05].Security risk analysis should also be done. This will give knowledge of potential threats to the integrity of personal health information. For this reason, education to staff about ongoing security risk analysis processes may present a problem. One solution is to have a designated planthat clearly outlines responsibilities for each risk analysis component. [Hea05].