News Feature | April 30, 2015

ONC Releases Updated HIT Privacy And Security Guide

By Christine Kern, contributing writer

Update includes new, practical information on cybersecurity, patient access, and EHR guidelines.

The Office of the National Coordinator for Health IT has released an updated and revised Guide to Privacy and Security of Electronic Health Information. The guide, last released in 2011, has been updated to provide the most current information to serve provider practices, health IT and other information technology professionals, and the public at large, according to the Health IT blog.

Included in the guide are updates regarding issues of cybersecurity, patient access through Certified Electronic Health Record Technology (CEHRT) and other EHR technology, as well as practical examples of real-world applications of the HIPAA Privacy and Security Rules.

As Lucia Savage, ONC chief privacy officer, explains, ONC published the draft Interoperability Roadmap expressly committing itself to helping individuals, providers, and the health and health IT community better understand how existing federal law — the Health Insurance Portability and Accountability Act (HIPAA) — supports interoperable exchange of information for health.

Savage asserts that the new guide is the ONC's first step toward fulfilling its commitment made in the draft Interoperability Roadmap to “helping individuals, providers, and the health and health IT community better understand how existing federal law – the Health Insurance Portability and Accountability Act (HIPAA) – supports interoperable exchange of information for health.”

The guide includes scenarios covering privacy and security rules in action, permitted uses, and tackling security. Chapter six of the guide focuses specifically on a Sample Seven-Step Approach for Implementing a Security Management Process, which is available for stand-alone download to help users tackle serious security issues. In particular, the guide addresses the need for encryption to protect sensitive healthcare information.

“To ensure that providers and patients take full advantage of the secure, private communications capabilities of 2014 Edition CEHRT,” Savage says, “the Guide explains how providers can use their 2014 Edition CEHRT to electronically communicate with their patients while remaining compliant with the HIPAA Security Rule.”