
Privacy and Security

Health Information Privacy, Security, and Your EHR

Ensuring privacy and security of health information, including information in electronic health records (EHR), is a key component of building the trust required to realize the potential benefits of electronic health information exchange. If individuals and other participants in a network lack trust in electronic exchange of information due to perceived or actual risks to electronic health information or the accuracy and completeness of such information, it may affect their willingness to disclose necessary health information and could have life-threatening consequences.

Your practice, not your EHR vendor, is responsible for taking the steps needed to protect the confidentiality, integrity, and availability of health information in your EHR and to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules and CMS’ Meaningful Use requirements.



Integrating Privacy & Security Into Your Medical Practice

The HIPAA Privacy and Security Rules protect the privacy and security of individually identifiable health information. HIPAA Rules have detailed requirements regarding both privacy and security.

  • The HIPAA Privacy Rule covers protected health information (PHI) in any medium.
  • The HIPAA Security Rule covers electronic protected health information (ePHI).

In addition to HIPAA, you must comply with all other applicable federal, state, and local laws.



Privacy & Security 10 Step Plan

Ensuring privacy and security of health information in an EHR is a vital part of Meaningful Use. Security risk analysis and management are foundational to this effort. The process can be challenging, but it is achievable through a stepwise approach.

This 10-step privacy and security plan is not intended as a statement of meeting HIPAA or Meaningful Use requirements. It is one suggested, organized approach to addressing various federal privacy and security requirements.



Privacy & Security and Meaningful Use

HIPAA privacy and security requirements are embedded in the Medicare and Medicaid EHR Incentive Programs through the following meaningful use requirements.  To fulfill requirements of Stage 1 of Meaningful Use, eligible providers need to “attest” that they have met certain measures or requirements regarding the use of the EHR for patient care. 

Learn more about privacy, security, and meaningful use in Chapter Two of the downloadable Privacy and Security Guide.


Download Chapter 2 [PDF-1 MB]

Mobile Devices Privacy and Security

Health IT: Mobile Devices Privacy and Security






Privacy & Security Resources

Get started today! The HHS Office of the National Coordinator for Health IT (ONC), the Office for Civil Rights (OCR), and other HHS agencies have developed and issued guidance, tools, and educational materials designed to help you better integrate privacy and security into your practice’s use of EHRs. A brief description of each resource is provided, along with a direct link.
