Privacy & Security

We are developing resources to help you navigate the complex and rapidly evolving healthcare privacy and security challenges facing our industry.

The HIMSS Privacy and Security Committee goal: "By 2014, all entities who use, send, or store health information meet requirements for confidentiality, integrity, availability and accountability based on sound risk management practices, using recognized standards and protocols."

HIMSS has launched several work groups that are actively involved in industry-changing activities to achieve this goal.

Health IT Toolkit | HIMSS

Privacy & Security Toolkit

Apply general principles for managing electronic data to meet compliance requirements


Small Provider Organization Privacy & Security Toolkit

Implement appropriate policy and procedures for smaller organizations


Patient Identity Integrity Toolkit

Navigate the challenges of securely, reliably matching patient identity across systems


Risk Assessment Toolkit

Conduct security risk assessments and implement a risk management process


Mobile Security Toolkit

Manage mobile technology security based on industry best practices


Cloud Security Toolkit

Understand the security challenges of cloud computing and make informed decisions

Latest News & Announcements

HIMSS Releases 5th Annual Security Survey Results
Now in its fifth year, the HIMSS Security Survey reports the opinions of information technology (IT) and security professionals from healthcare provider organizations across the U.S. regarding the tools and policies they have in place to secure electronic patient data.
Read the HIMSS Security Survey Report.

HIMSS Risk Assessment Work Group Publishes Paper on Encryption
Both the HIPAA Security Rule and the Stage 2 Core Measures of the EHR Incentive Program require organizations to address the encryption of data at rest as part of a comprehensive risk management process. The purpose of this paper is to help providers understand these requirements and apply them appropriately to their IT environments. Download the paper.

OCR Releases HIPAA Privacy and Security Audit Program Protocol
Last week, the Office of Civil Rights (OCR) released the protocol for conducting HIPAA audits required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The purpose of these audits is to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. To assist with these audits, OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits. Click here to view the audit protocol.

HIMSS Work Group Issues Paper on Cloud Computing and HIPAA Compliance
Cloud computing services offer health care providers and health plans significant information technology savings opportunities and increased flexibility. However, one of the challenges facing health care providers is how to leverage these benefits by moving their information technology resources to a cloud computing platform while still complying with HIPAA. The purpose of this white paper is to discuss steps that a HIPAA covered entity may consider to address this challenge. Download the White Paper.

New Privacy White Paper and Blog Posting
The HIMSS Privacy and Security Committee chose the topic of Patient Trust as the focus of the HIMSS Blog for Thursday, June 7, 2012, to discuss the release of a new white paper titled “Understanding the Role of Trust in the Protection of Privacy,” written by Ken Hartman, HIMSS P&S Committee member.

This latest addition to the HIMSS Privacy & Security Toolkit is the result of the P&S Committee’s desire to increase understanding of privacy as a separate and distinct concept from Security. The paper discusses why it is important to understand the linkage between trust and privacy, and delves into the more personal issues of vulnerability, fairness, and competence.

Social Media in Healthcare: Privacy and Security Considerations
Lisa Gallagher, Senior Director of Privacy and Security at HIMSS, explores the increasing use of social media in healthcare and discusses the privacy and security challenges associated with its use in a presentation at the Washington State Health Information Management Association Annual Meeting. View the presentation.