The Office of the National Coordinator for Health Information Technology (ONC) recently issued an updated Guide to Privacy and Security of Electronic Health Information. The guide is a resource that can help health care providers comply with the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs’ privacy and security requirements and the HIPAA Privacy, Security, and Breach Notification Rules.

The guide provides a summary of key information in the following areas:

  • Understanding HIPAA Rules;
  • Patients’ Health Information Rights;
  • Electronic Health Records, the HIPAA Security Rules, and Cybersecurity; and
  • Medicare and Medicaid EHR Incentive Programs’ Meaningful Use Core Objectives that Address Privacy and Security.

The guide walks health care providers through the key components of each of these subject areas.

In addition, the guide provides tools for health care providers who want to implement a security management process or provide notification about a HIPAA breach. The guide includes a sample seven-step approach for implementing a security management process, including help with addressing the Meaningful Use security requirement of the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs. Finally, the guide provides information about what to do if there is an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of protected health information. This information covers a risk assessment process for breaches, breach reporting, and government investigation and enforcement of potential HIPAA violations.