• Print

Privacy & Security Policy

HIPAA and Health IT

The Office for Civil Rights (OCR) has published new Health Insurance Portability & Accountability Act of 1996 (HIPAA) Privacy Rule guidance documents as part of a Privacy and Security Toolkit to implement The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information (Privacy and Security Framework). These new guidance documents discuss how the Privacy Rule can facilitate the electronic exchange of health information.

Please see HIPAA Privacy Rule and Health IT to review the following guidance:

  • Privacy and Security Framework: Introduction
    • Privacy and Security Framework: Correction Principle and FAQs
    • Privacy and Security Framework: Openness and Transparency Principle and FAQs
    • Privacy and Security Framework: Individual Choice Principle and FAQs
    • Privacy and Security Framework: Collection, Use, and Disclosure Limitation Principle and FAQs
    • Privacy and Security Framework: Safeguards Principle and FAQs
    • Privacy and Security Framework: Accountability Principle and FAQs
  • The HIPAA Privacy Rule's Right of Access and Health Information Technology
  • Personal Health Records (PHRs) and the HIPAA Privacy Rule

The HIPAA Security Rule and Health IT

The HIPAA Security Information Series is a group of educational papers, which are designed to give HIPAA-covered entities insight into the Security Rule and assistance with implementation of the security standards.

Please see HIPAA Security Information Series to review the following developed by the Centers for Medicare & Medicaid Services:

  • Security 101 for Covered Entities
  • Security Standards: Administrative Safeguards
  • Security Standards: Physical Safeguards
  • Security Standards: Technical Safeguards
  • Security Standards: Organizational Policies
  • Basics of Risk Analysis and Risk Management
  • Security Standards: Implementation for the Small Provider
  • HIPAA Security Guidance for Remote Use of and Access to Electronic Protected Health Information