Topics in This Section
Learn about Health IT and Privacy & Security
Health information technology promises a number of potential benefits for individuals, health care providers, and the nation’s health care system. It has the ability to advance clinical care, improve population health, and reduce costs. At the same time, this environment also poses new challenges and opportunities for protecting individually identifiable health information. Federal policies and regulations are in place to help protect patient privacy and guide the nation’s adoption of health information technology.
Advancing Privacy and Security in Health Information Exchange (HIE)
Proposed modifications were made to the HIPAA Privacy and Security Rules to protect patient’s health information that is stored electronically. The HHS Office for Civil Rights enforces the Privacy and Security Rules and regulates any modifications to the rules.
HIPAA and Health IT
The Office for Civil Rights (OCR) published guidance documents on the HIPAA Privacy Rule, and the Centers for Medicare & Medicaid Services developed the HIPAA Security Information Series, which is a group of educational papers designed to give HIPAA-covered entities insight into the Security Rule and assistance with implementation of the security standards.
Nationwide Privacy and Security Framework for Health Information
The goal of the Nationwide Privacy and Security Framework is to establish a policy framework for electronic health information exchange that can help guide the nation’s adoption of health information technology and help improve the availability of health information and health care quality.
Electronic health information exchange (eHIE)
One way some providers share and access information is through a third-party organization called a health information exchange organization (HIE). As eHIE increases, patient trust in HIEs must be ensured and patients may more often be asked to make a “consent decision.”
Personal Health Record (PHR) Model Privacy Notice
The PHR Model Privacy Notice is designed to be a standardized template that a web-based PHR company can use to succinctly inform consumers about its privacy and security policies.
Your Organization’s PHR data practices
Learn more about your organization’s PHR data practices and help your users or customers understand how your organization releases and secures their PHR data.