Privacy & Security Policy

Topics in This Section

Learn about Health IT and Privacy & Security

Health information technology promises a number of potential benefits for individuals, health care providers, and the nation’s health care system. It has the ability to advance clinical care, improve population health, and reduce costs. At the same time, this environment also poses new challenges and opportunities for protecting individually identifiable health information. Federal policies and regulations are in place to help protect patient privacy and guide the nation’s adoption of health information technology.

Advancing Privacy and Security in Health Information Exchange (HIE)

Proposed modifications were made to the HIPAA Privacy and Security Rules to protect patients’ health information that is stored electronically. The HHS Office for Civil Rights enforces the Privacy and Security Rules and regulates any modifications to the rules.

More about privacy and security

HIPAA and Health IT

The Office for Civil Rights (OCR) published guidance documents on the HIPAA Privacy Rule, and the Centers for Medicare & Medicaid Services developed the HIPAA Security Information Series, which is a group of educational papers designed to give HIPAA-covered entities insight into the Security Rule and assistance with implementation of the security standards.

Read more about HIPAA policies

Nationwide Privacy and Security Framework for Health Information

The goal of the Nationwide Privacy and Security Framework is to establish a policy framework for electronic health information exchange that can help guide the nation’s adoption of health information technology and help improve the availability of health information and health care quality.

More about the framework

Electronic health information exchange (eHIE)

One way some providers share and access information is through a third-party organization called a health information exchange organization (HIE). As eHIE increases, patient trust in HIEs must be ensured and patients may more often be asked to make a “consent decision.”

Learn more about eHIE and patient consent

Personal Health Record (PHR) Model Privacy Notice

The PHR Model Privacy Notice is designed to be a standardized template that a web-based PHR company can use to succinctly inform consumers about its privacy and security policies.

Read more about the privacy notice

Your Organization’s PHR data practices

Learn more about your organization’s PHR data practices and help your users or customers understand how your organization releases and secures their PHR data.

Understanding PHR data