NLM logo

National Information Center on Health Services Research and Health Care Technology (NICHSR)

COVID-19 is an emerging, rapidly evolving situation.

Get the latest public health information from CDC:
Get the latest research information from NIH:

Serving the Information Needs of the
Health Services Research Community

Email Updates

Please enter your email address in the box below for updates:


Brown ArrowPrivacy/Security and Research with Electronic Health Records

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules protect individually-identifiable health information and grant rights grant to individuals concerning the privacy and security of their data. Together, these rules and other provisions in HIPAA established the groundrules for widespread use of electronic health records to collect and exchange both administrative and clinical data. These rules have far-reaching implications for all involved in the delivery, payment and study of health services.

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. (Department of Health and Human Services)

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. (Department of Health and Human Services)

The Office for Civil Rights of the U.S. Department of Health and Human Services is responsible for enforcing the HIPAA Privacy Rule and the HIPAA Security Rule, as well as the confidentiality provisions of the Patient Safety and Quality Improvement Act of 2005 (PSQIA) or Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety. OCR also provides up-to-date advice and resources specifically related to HIPAA and Research.

The Office of the National Coordinator for Health Information Technology (ONC) has established a central resource that explains Privacy and Security Policy in the context of the implementation of electronic health data exchange, for both researchers and providers.

  • Data Science Ethics Details

    This course provides a framework to analyze these concerns as you examine the ethical and privacy implications of collecting and managing big data.

  • Educational Resources Details

    CMS has assembled a variety of resources to assist professionals in obtaining training in the proper use of the electronic health record.

  • Federal Information Privacy Internship Program Details

    The opportunity to participate in unpaid Federal Information Privacy Intern positions for undergraduate and graduate students is described in the webpage.

  • HIM Professional Roles in E-HIM Details

    This page provides an overview of the careers that have developed to support the implementation of the electronic health record.

  • ONC HIT Curriculum Overview Details

    Registration is required to utilize this free curriculum. Included in the course are Working with Health IT Systems, Configuring Electronic Health Records, and Planning, Management and Leadership for Health IT.

  • American Health Information Management Association (AHIMA) Details

    Professional community that improves healthcare by advancing best practices and standards for health information management and the trusted source for education, research, and professional credentialing.

  • Digital Bridge Details

    The vision of the Digital Bridge is to improve the health of our nation by enhancing bidirectional information exchange between public health and health care. A first of its kind initiative, the Digital Bridge has created a forum for key decision makers in the public health, health care and health information technology arenas to collaborate and share challenges, opportunities and ideas towards achieving this vision.

  • EHR Reporting Program Details

    The Electronic Health Record (EHR) Reporting Program will provide publically available, comparative information on certified health IT. The program will reflect input from developers and voluntary input from end users of certified health IT to design reporting criteria that will inform the purchasing and implementation decisions of certified health IT users.

  • Electronic Privacy Information Center (EPIC) Details

    EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values.

  • Details

    Resource to support the adoption of health information technology and the promotion of nationwide health information exchange to improve health care.

  • IHE USA Details

    IHE USA is a part of the international group, and focuses on fostering consistent information standards.

  • International Association of Privacy Professionals Details

    This organization focuses on the global information privacy community, to assist them in managing and protecting their data.

  • Office for Civil Rights Details

    OCR helps to provide protections from discrimination in health care and social service programs. It also helps to protect the privacy of the health information held by health insurers and certain health care providers and health insurers.

  • Office of the National Coordinator for Health Information Technology Details

    ONC is the principal federal entity charged with coordination of nationwide efforts to implement and use the most advanced health information technology and the electronic exchange of health information.

  • Security - Health Information Technology Details

    A set of tools, podcasts and use cases designed to assist organizations in protecting patient privacy.

  • The Gravity Project Details

    Driven by the growing interest in capturing social risk and protective factor data in health care settings, the Gravity Project brings industry leaders together to identify and harmonize social risk and protective factor data for interoperable electronic health information exchange.

  • World Privacy Forum Details

    This non-profit organization focuses on conducting in-depth research, analysis, and consumer education in the area of privacy.