• Print

Privacy & Security

Health IT Privacy and Security Resources

Get started today! ONC, HHS Office for Civil Rights (OCR), and other HHS agencies have developed and issued a number of guidance, tools, and educational materials designed to help you better integrate privacy and security into your practice. Below are brief description of each health IT privacy and security resource, along with a direct link.

Technical Assistance

  • Regional extension centers (RECs) offer competent technical assistance with expertise in directly assisting providers in solo or small practice with all phases of adopting an EHR. To find your local REC, go to or your state or county medical association and other professional associations for additional assistance. Find your closest REC by zip code.

Regulatory & Guidance Information

OCR has launched three modules for health care providers on compliance with various aspects of the HIPAA Privacy and Security Rules, available at Medscape . The Medscape modules offer free Continuing Medical Education (CME) credits for physicians and Continuing Education (CE) credits for health care professionals.

HIPAA

  • Health Information Privacy. U.S. Department of Health and Human Services. Guidance for covered entities on understanding HIPAA privacy.
    • OCR’s Summary of the HIPAA Privacy Rule. Summary of key elements of the Privacy Rule, including who is covered, what information is protected and how information can be used and disclosed.
    • OCR’s Summary of the HIPAA Security Rule. Summary of key elements of the Security Rule, including who is covered, what information is protected, and what safeguards must be in place.
    • Are You a Covered Entity?Describes to whom the Administrative Simplification standards adopted by the U.S. Department of Health and Human Services (HHS) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) apply.
    • Breach Notification Rule. U.S. Department of Health and Human Services. (2009) Describes the interim final breach notification regulations, issued in August 2009, implementing section 13402 of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Meaningful Use – Health IT Privacy and Security

  • Core Measure 12 [PDF - 145 KB]: Centers for Medicare & Medicaid Services. Eligible Professional Meaningful Use Core Measures. Measure 12 of 15. Nov. 7, 2010. This document provides definitions, attestation requirements and other information related to Meaningful Use Core Measure 12, providing an electronic copy of health information to patients.
  • Core Measure 15 [PDF - 140 KB]: Centers for Medicare & Medicaid Services. Eligible Professional Meaningful Use Core Measures. Measure 15 of 15. Nov. 7, 2010. This document provides definitions, attestation requirements and other information related to Meaningful Use Core Measure 15, protecting electronic health information.
  • Centers for Medicare & Medicaid Services. Eligible Professional Meaningful Use Table of Contents Core and Menu Set Objectives [PDF - 138 KB]. This document provides a listing of and links to Meaningful Use Core Objectives and Menu Objectives for Eligible Professionals.
  • Meaningful Use Grid – Stage 1 [PDF - 364 KB]. This grid provides a quick reference for meaningful use objectives and measures as well as standards and certification criteria.

Tools

Education & Training Materials

Brochures, Fact Sheets, & Videos

  • ONC Cybersecurity Video  . A short video on cybersecurity emphasizing the importance of keeping electronic health information safe and secure.

Patient Relations & Health Information Privacy and Security

Other Federal & State-Level Privacy and Security Resources