Summary
The Office of the National Coordinator for Health Information Technology (ONC-HIT) released version 2.0 of its Guide to Privacy and Security of Electronic Health Information (the Guide). While the Guide clearly states that it is not intended as legal advice or recommendations, it provides a useful overview of the key concepts that health care providers should consider and implement with respect to privacy and security issues.
The ONC-HIT is charged with providing educational resources to help providers maintain the privacy and security of electronic health information and provide support for the adoption and promotion of electronic health records and health information exchanges.
The new version of the Guide provides updated information regarding the Medicare and Medicaid Electronic Health Record Incentive Programs (also called the Meaningful Use programs) as they relate to privacy and security of information. The Guide also provides current information related to the HIPAA privacy, security and breach notification rules and other privacy and security related topics including cybersecurity.
The Guide consists of seven chapters and multiple tables for the ease of health care providers and HIPAA covered entities and business associates. Within the Guide is a sample seven-step approach to implementing a security management process and an overview of the Stage 1 and Stage 2 Meaningful Use programs. It also includes a section entitled, "Working with your EHR and Health IT Developers" that reflects the changing technological advances of interest to health care providers.
The recent alleged HIPAA violation settlement relating to a compounding pharmacy demonstrates the federal government’s continued focus on privacy compliance. The Guide highlights key issues that need to be addressed, monitored and maintained from a privacy and security standpoint.
View Document(s):