In this section
Learn how to:
- Safeguard personal health information
- Incorporate privacy and security into your EHR
- Perform a risk assessment of your practice
How do I protect the confidentiality, integrity, and availability of personal health information in my EHR system?
Under federal regulation, your practice is responsible for protecting the confidentiality, integrity, and availability of personal health information that is maintained in or can be accessed through your electronic health record (EHR) system. “Privacy” generally refers to an individual’s ability to keep certain personal health information free from unauthorized access and the ability to access and share the information themselves. “Security” is the way your practice controls access and protects this information, including safeguarding it from accidental or intentional disclosure.
Protecting patient privacy and securing electronic health information is a shared responsibility. Adherence to privacy and security standards fosters patient trust. It assures patients that their electronic health information — while under your control — will remain confidential, accurate, and secure. This increases the likelihood that patients will share their health information with you, which gives clinicians a more complete picture of patients’ overall health. Together, clinicians and their patients can make better-informed decisions.
Health information breaches can have serious consequences. They can:
- Harm patients
- Damage an organization’s reputation
- Cause financial harm
Poor privacy and security practices make the patient information available through your health information system more vulnerable to a successful cyber-attack.