ONC Issues Updated Guide to Privacy and Security of Electronic Health Information

On April 13, 2015, the Office of the National Coordinator for Health Information Technology (ONC) issued an updated Guide to Privacy and Security of Electronic Health Information for practical guidance on applying federal privacy and security requirements.  Lucia Savage, ONC’s Chief Privacy Officer, noted that the guide is the first step towards fulfilling the commitment made by ONC in its Interoperability Roadmap to foster better understanding in the industry of how security regulations in place help support interoperability. Health care providers can find updated information about compliance with the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs’ privacy and security requirements as well as the HIPAA Privacy, Security, and Breach Notification Rules, as updated by the HIPAA Omnibus Final Rule in 2013.

The Guide provides practical information on a variety of privacy and security issues and offers practical examples of the HIPAA Privacy and Security rules in order to help providers better understand how those rules apply to their practice. Examples of topics covered in the guide include the HIPAA Privacy and Security rules, cybersecurity, understanding patient rights and providers’ responsibilities including the notice of privacy practice and accounting of disclosures.  A list of questions to ask EHR and Health IT developers to help better understand the privacy and security practices put in place is also included.

The Guide also addresses the Medicare and Medicaid Incentive Programs and reviews the Meaningful Use objectives that specifically address privacy and security.  A Sample Seven Step Approach for Implementing a Security Management Process is provided that could be used to implement a security management process as well as help for addressing security related requirements of the Meaningful Use EHR Incentive Program.