How do I protect the confidentiality, integrity, and availability of personal health information in my EHR system?
Privacy refers to an individual’s right to keep certain personal health information free from unauthorized access. Security is the means to control access and to protect this information from accidental or intentional disclosure. Your practice is responsible for protecting the confidentiality, integrity, and availability of personal health information in your electronic health record (EHR) system.
Everyone plays a role in securing electronic health information — it’s truly a shared responsibility. Health care providers must comply with the law that protects a person’s right to privacy.
Adherence to privacy and security standards fosters patient trust. It assures patients that their electronic health information — while under your control — will remain confidential, accurate, and secure. This creates an environment where patients are more willing to share their health information, which gives providers a more complete picture of patients’ overall health. Together, providers and their patients can make more-informed decisions.
Health information breaches can have serious consequences for your organization. Security breaches can:
- Harm patients
- Damage an organization’s reputation
- Cause financial harm
Poor privacy and security practices make the patient information in your health information system more vulnerable and increases the risk of a successful cyber-attack.