Privacy, Security, and Electronic Health Records
The same Federal health information privacy protections that apply to paper records also apply to electronic health records (EHRs).
In accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the U.S. Department of Health and Human Services (HHS) has set forth standards for protecting the privacy and security of certain health information, whether it is stored on paper or electronically. The HIPAA Privacy Rule and the HIPAA Security Rule provide Federal protections for individually identifiable health information, sometimes referred to as “protected health information” (PHI). The Privacy Rule protects paper, electronic, and oral information. The Security Rule applies only to information maintained in electronic form, sometimes referred to as e-PHI. This includes information in EHRs.
Limits on Using and Sharing Patient Information
Learn about the HIPAA Rules' protection of individually identifiable health information, find out what types of information are protected under HIPAA, and discover who is required to follow the HIPAA Rules.
Keeping Your Patients’ Information Secure
The HIPAA Security Rule applies specifically to protected health information in electronic form. This includes information in EHRs. Protecting the security of e-PHI may require a new way of thinking, and compliance with the Security Rule will help providers ensure that e-PHI remains confidential, unchanged, and secure from unauthorized access.
Patient Rights, Provider Responsibilities
Under HIPAA, patients have clearly defined rights when it comes to the privacy of their protected health information, and these rights extend to electronic protected health information, including information in EHRs. Learn about the responsibilities you have with regard to these rights.