Include portal access in all relevant privacy and security policies and procedures. Develop portal-specific policies and procedures, as necessary. Include portal use in your annual information technology security risk assessment. To reduce the risk of inappropriate patient use: Define appropriate use..