• Print

Implementation Resources


Privacy and Security

Health Care Professionals’ Privacy, Security, and Breach Notification Guide

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a Federal law that sets national standards for how health care plans, health care clearinghouses, and most health care provid...

Privacy Questions for EHR Developers

ONC’s list of questions to ask EHR developers regarding their company, product, pricing, interfaces, implementation, maintenance, and support. ...

Security Risk Assessment (SRA) Tool

HHS downloadable tool to help providers from small practices navigate the security risk analysis process.  ...

Sample Business Associate Contract Provisions

OCR sample Business Associate (BA) contract language to help Covered Entities (CEs) more easily comply with the HIPAA Privacy Rule....

HIPAA Security Rule Educational Paper Series

A series of educational papers on the HIPAA Security Rule, as well as additional links to HIPAA Security Rule guidance....

The Health Information Security and Privacy Collaboration Toolkit

Toolkit provides guidance for conducting organization-level assessments of business practice, policies, and state laws that govern the privacy and security of health information exchange...

MedlinePlus Connect: National Library of Medicine

MedlinePlus Connect is a free service of the National Library of Medicine (NLM), National Institutes of Health (NIH), and the Department of Health and Human Services (HHS). This service allows health ...

Privacy, Security and Electronic Health Records

This guide provides information on privacy and security, and electronic health records (EHRs). While EHRs allow providers to use information more effectively, they do not affect the privacy and securi...

HIPAA Security Toolkit Application

National Institute of Standards and Technology (NIST) toolkit to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those imple...

Your Mobile Device and Health Information Privacy and Security

Physicians, health care providers and other health care professionals are using smartphones, laptops and tablets in their work. The U.S. Department of Health and Human Services has gathered these tips...

Practice Transformation Toolkit

Practice Transformation Toolkit Introduction The Practice Transformation Toolkit (Toolkit) is a comprehensive set of tools and resources that providers and staff members can use to implement a new or ...

Secure Messaging FAQs

Use or re-purpose these FAQs to discuss Secure Electronic Messaging with your patients ...

ACO Case Study

The purpose of this case study is to educate RECs, providers, and other healthcare organizations on how to start and maintain an Accountable Care Organization (ACO) by highlighting the processes and i...

HIPAA and Emergency Situations Resources

These pages address the release of protected health information for planning or response activities in emergency situations.  In addition, please view the Civil Rights Emergency Preparedness page...

OCR Guidance Materials for Consumers

Most of us believe that our medical and other health information is private and should be protected, and we want to know who has this information. The Privacy Rule, a Federal law, gives you rights ove...

Model Notices of Privacy Practices

ONC and OCR’s customizable NPPs for use by providers and health plans....

Guidance on Risk Analysis Requirements under the HIPAA Security Rule

The Office for Civil Rights (OCR) is responsible for issuing annual guidance on theprovisions in the HIPAA Security Rule.1 (45 C.F.R. §§ 164.302 – 318.) This series ofguidances will assist organiz...

Communicating with a Patient’s Family, Friends, or Others Involved in the Patient’s Care

This guide explains when a health care provider is allowed to share a patient’s health information with the patient’s family members, friends, or others identified by the patient as involved in th...

Reassessing Your Security Practices in a Health IT Environment A Guide for Small Health Care Practices

Health information security is an iterative process driven by enhancements in technology as well as changes to the health care environment. As you adopt new health IT to enhance the quality and effici...

Medicare Incentive Payment Calculator for Providers

Notes and Disclaimers: a To be eligible, providers must be: 1) Using a certified EHR in a meaningful manner, 2) Exchanging healthinformation to improve the quality of care, and 3) Reporting on clini...

Guide to Privacy and Security of Health Information

What Is Privacy & Security and Why Does It Matter? In your medical practice, patients are unlikely to share sensitive information unless they trust that you will honor theirconfidentiality. As you...

Information Security Policy Template

The Information Security Policy Template that has been provided requires some areas to be filled in to ensure the policy is complete. Once completed, it is important that it is distributed to all staf...
{@Tuesday, February 20, 2018@}