Recent data breaches at some of the country’s major healthcare organizations have prompted the Office of the National Coordinator for Health IT (ONC) to update its 2011 version of its Guide to Privacy and Security of Electronic Health Information.
The new guide, says the ONC, is specifically geared toward those providers who are “eligible professionals” under the Meaningful Use regulations, but it also is applicable to all HIPAA-covered entities or business associates
The goal of the new guide is to enable providers to “better understand how to integrate federal health information privacy and security requirements into their practices,” according to the ONC.
In addition to providing summaries of the HIPAA Privacy, Security and Breach Notification Rules, the guide also provides answers to a number of questions relating to patient information, disclosures, authorizations, patients’ rights and how HIPAA interacts with state law.
Included in the guide is a sample of a seven-step approach for implementing a security management process:
Step 1 – Lead your culture, select your team, and learn
Step 2 – Document your process, findings, and actions
Step 3 – Review existing security of electronic Protected Health Information (ePHI) (i.e., perform a security risk analysis)
Step 4 – Develop an action plan
Step 5 – Manage and mitigate risks
Step 6 – Attest for Meaningful Use security-related objective
Step 7 – Monitor, audit, and update security on an ongoing basis
The guide provides additional information on how to implement each of the steps. Recommendations include designating a security officer(s), promote a culture of protecting patient privacy and document, document, document!
“Basic cybersecurity practices are needed to protect the confidentiality, integrity, and availability of health information in the EHR system. These protections are essential whether the EHR is installed on a server in your office or hosted on your behalf by a developer over the Internet,” the guide states.
HIPPA for the complete guide
The Health Law Offices of Anthony C. Vitale assists clients with HIPAA compliance issues. Give us a call to discuss your individual needs.