The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules protect individually identifiable health information and grant rights to individuals concerning the privacy and security of their data. Together, these rules and other provisions in HIPAA established the ground rules for widespread use of electronic health records to collect and exchange both administrative and clinical data. These rules have far-reaching implications for all involved in the delivery, payment and study of health services.
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. (Department of Health and Human Services)
The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information. (Department of Health and Human Services)
The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services is responsible for enforcing the HIPAA Privacy Rule and the HIPAA Security Rule, as well as the confidentiality provisions of the Patient Safety and Quality Improvement Act of 2005 (PSQIA), or Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety. OCR also provides up-to-date advice and resources specifically related to HIPAA and research.
The Office of the National Coordinator for Health Information Technology (ONC) has established a central resource that explains Privacy and Security Policy in the context of the implementation of electronic health data exchange, for both researchers and providers.
This paper provides strategies to help health care organizations embark on their EHR optimization journey toward improved patient care and clinician well-being.
As U.S. public health agencies consider COVID-19-related mobile surveillance programs, they will need to address privacy concerns to encourage broad uptake and protect against privacy harms. Otherwise, COVID-19 mobile surveillance programs likely will be ineffective and the data collected unrepresentative of the situation on the ground. To help public health officials understand and evaluate the privacy implications of mobile surveillance programs, RAND Corporation researchers developed a concise, standardized, and transparent privacy scorecard.
ASETT provides a means for individuals or organizations to file complaints against HIPAA covered entities. It also can validate code values against clinical and non-clinical code sets.
The centralized resource for CMS assessment instrument data elements (e.g. questions and responses) and their associated health information technology (IT) standards.
The HRBT makes available to the public the information that entities covered by HIPAA report to OCR when they are involved in breaches of unsecured protected health information affecting 500 or more individuals. The tool includes: the name of the entity; the state in which it is located; the number of individuals affected by the breach; the date of the breach; the type of breach; and the location of the breached information.
This tool is designed for health care providers, practice staff, hospital administrators and others who are implementing a HIT system. Included are chapters on patient engagement, electronic health records, population and public health, privacy and security, patient safety, and value based care.
Tool streamlines and simplifies the electronic record request process for patients.
A toolkit for providers to measure, assess, and troubleshoot key performance indicators for ICD-10 migration.
ICD is the foundation for the identification of health trends and statistics globally, and the international standard for reporting diseases and health conditions. This newest version is entirely electronic, much more user friendly, and includes new chapters on traditional medicine and sexual health.
ONC has created several original data briefs providing information about EHR adoption, progress towards meaningful use, and current trends in health information technology and public health. Each data brief conveys complex statistical data and summarizes it in a straightforward manner using text and graphics.
Outlines the processes of securely enrolling patients in EHRs.
Using a game format, this security training module requires users to respond to privacy and security challenges often faced in a typical small medical practice.
The product consists of nine PDF guides in the following areas: High Priority Practices, Organizational Responsibilities, Contingency Planning, System Configuration, System Interfaces, Patient Identification, Computerized Provider Order Entry with Decision Support, Test Results Reporting and Follow-Up, and Clinician Communication.
This is a glossary of informatics organizations, activities, and terms.
The tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Services (CMS) Electronic Health Record (EHR) Incentive Program.
The results of a survey which examined consumers' security and privacy concerns about their electronic health records.
To reduce paperwork and streamline business processes across the health care system, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Patient Protection and Affordable Care Act (ACA) set national standards for electronic transactions, code sets, and unique identifiers.
As part of the Trump Administration’s MyHealthEData initiative, this final rule is focused on driving interoperability and patient access to health information by liberating patient data using CMS authority to regulate Medicare Advantage (MA), Medicaid, CHIP, and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs). This rule finalizes new policies that help liberate health information and move the healthcare system toward greater interoperability.
This final rule makes changes to the Department of Health and Human Services’ (HHS) regulations governing the Confidentiality of Substance Use Disorder Patient Records. These changes were prompted by the need to continue aligning the regulations with advances in the U.S. health care delivery system, while retaining important privacy protections for individuals seeking treatment for substance use disorders (SUDs).
The FDA's guidance on oversight on mobile medical applications.
Report focuses on "mHealth technologies" and "health social media," neither of which was included in HIPAA legislation.
This final rule eliminates the regulatory requirement for health plans to obtain and use a health plan identifier (HPID) and eliminates the voluntary acquisition and use of the other entity identifier (OEID). The final rule also simplifies the process for deactivating the existing identifiers to minimize operational costs for covered entities.
The Office for Civil Rights has assembled guidance on methods for de-identification of protected health information.
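As an added example that is not part of OCR's guidance or of this page, the following Python applies the Safe Harbor method from 45 CFR 164.514(b)(2) to a structured record: direct identifiers are dropped, ZIP codes are truncated to their first three digits (or replaced with 000 for low-population prefixes), other dates are reduced to the year, and ages over 89 collapse into a single 90+ category. The field names, the pass-through allowlist and the sample records are constructed assumptions for illustration; the restricted-prefix set is the one OCR's guidance derives from 2000 Census data and is an assumption to verify against current data before use.

```python
"""Safe Harbor de-identification of a structured record (added example)."""
import re
from datetime import date

# Allowlist of fields that may pass through unchanged. Everything not named
# here or handled explicitly below is dropped: deny by default, so an
# unexpected field (a free-text note, a device serial) cannot leak.
# Constructed for this example; real schemas will differ.
PASSTHROUGH_FIELDS = {"sex", "state", "diagnosis_code", "procedure_code"}

# Date fields reduced to year only; every other date element is an identifier.
DATE_FIELDS = {
    "admission_date": "admission_year",
    "discharge_date": "discharge_year",
    "date_of_death": "year_of_death",
}

# Three-digit ZIP prefixes whose combined population is 20,000 or fewer, as
# listed in OCR's guidance from 2000 Census data. Assumption: verify against
# current census data before relying on this set.
RESTRICTED_ZIP3 = {
    "036", "059", "063", "102", "203", "556", "692", "790", "821",
    "823", "830", "831", "878", "879", "884", "890", "893",
}

# Reference date for age calculation (constructed).
AS_OF = date(2020, 8, 13)


def safe_harbor_zip3(zip_code):
    """First three ZIP digits, '000' for a restricted prefix, or None when
    the input is not a usable five-digit ZIP."""
    digits = re.sub(r"\D", "", zip_code or "")
    if len(digits) < 5:
        return None
    zip3 = digits[:3]
    return "000" if zip3 in RESTRICTED_ZIP3 else zip3


def safe_harbor_age(dob, as_of):
    """Age in whole years as of `as_of`; ages over 89 collapse to '90+'."""
    age = as_of.year - dob.year - ((as_of.month, as_of.day) < (dob.month, dob.day))
    return "90+" if age > 89 else age


def deidentify(record, as_of):
    """Apply the Safe Harbor transformations to one record dict."""
    out = {}
    for field, value in record.items():
        if field in PASSTHROUGH_FIELDS:
            out[field] = value
        elif field == "zip":
            out["zip3"] = safe_harbor_zip3(value)
        elif field == "dob":
            # Birth date becomes an age so that no date element survives and
            # an age over 89 cannot be inferred from the birth year.
            out["age"] = safe_harbor_age(value, as_of)
        elif field in DATE_FIELDS:
            out[DATE_FIELDS[field]] = value.year
        # anything else (name, MRN, SSN, email, free text, ...) is dropped
    return out


# Constructed sample records; not real patient data.
SAMPLE_RECORDS = [
    {
        "name": "Jane Example", "mrn": "MRN-000123",
        "email": "jane@example.invalid", "dob": date(1928, 3, 2),
        "zip": "03601", "state": "NH", "sex": "F",
        "admission_date": date(2020, 7, 4), "diagnosis_code": "J18.9",
    },
    {
        "name": "John Example", "ssn": "000-00-0000",
        "dob": date(1980, 9, 1), "zip": "90210-1234", "state": "CA",
        "sex": "M", "discharge_date": date(2019, 12, 31),
        "note": "free text that must never pass through",
    },
]


def deidentify_samples():
    """De-identify the constructed records against the fixed reference date."""
    return [deidentify(r, AS_OF) for r in SAMPLE_RECORDS]


if __name__ == "__main__":
    for r in deidentify_samples():
        print(r)
```

The allowlist is the security-relevant design choice: a scrubber that removes known identifiers and forwards the rest will leak the one column nobody listed. Safe Harbor removes the 18 named identifier classes but is not a guarantee against re-identification, which is why OCR's guidance describes Expert Determination as the alternative route.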
CMS provides information on the Health Insurance Portability and Accountability Act of 1996.
Research organizations and researchers may or may not be covered by the HIPAA Privacy Rule. This website provides information on the Privacy Rule for the research community, specifically addressing Clinical Research, Health Services Research, Research Repositories and Databases, Institutional Review Boards, Privacy Boards, Authorizations and Information for Patients.
This presents the full text of the HITECH Act from February 17, 2009.
Webpage compares the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The section describes both laws and contains an easily downloaded graphic comparing them. This resource is a handy reference for healthcare providers, school personnel, and others interacting with FERPA and HIPAA.
ONC and OCR have announced the creation of model Notices of Privacy Practices for health care providers and health plans to use to communicate with their patients and plan members.
The Final Rule, dated September 4, 2012, contains standards for Privacy and Security Certification and on the technical capabilities and implementation standards for the EHR.
Issued in 2013, this Final Rule related to HIPAA, specifically on the establishment of national standards for the electronic transmission of certain health information, is available here.
This report from 2006 contains detailed chapters on privacy and security.
An annual survey that assesses cybersecurity breach experiences in healthcare organizations across the nation.
Electronic book provides a look at how organizations can improve cybersecurity and inform debate and policy creation by developing a framework.
This brief describes current regulations regarding personal health information and common challenges researchers face in using PHI.
Practice guide provides IT implementers and security engineers with a detailed architecture guided by standards and best practices from NIST and others, including coverage of the Health Insurance Portability and Accountability Act (HIPAA) rules.
Note argues that despite the concerns of EHR critics, patient privacy and a digital record system may peacefully coexist. To ensure that privacy is maintained, physicians, information technology specialists, hospital personnel, the federal government, and patients must work together to implement the necessary safeguards for a successful and secure EHR system.
This book from 1997 discusses the major privacy and security concerns that the electronic health record creates and posits ways of protecting this information.
This document defines the legal health record, and attempts to align it with the EHR-designated record set required by the HIPAA privacy rule.
The road map was developed to activate governors and their senior state leaders to drive forward policies that support the seamless flow of clinical patient health care information between providers while protecting patient privacy, as a step toward nationwide interoperability
This publication provides guidelines for establishing and participating in cyber threat information sharing relationships. This guidance helps organizations establish information sharing goals, identify cyber threat information sources, scope information sharing activities, develop rules that control the publication and distribution of threat information, engage with existing sharing communities, and make effective use of threat information in support of the organization's overall cybersecurity practices.
This guideline presents a step-by-step analysis of the procedures necessary for safeguarding the electronic health record.
Monthly reports provide information on threats, vulnerabilities, mitigation information, reports, and resources.
This document represents the unofficial, but simplified, version of 45 CFR Parts 160, 162, and 164.
The kit contains three main pieces: a maturity model, an assessment tool, and a users' guide. The maturity model identifies the major components of HIS interoperability and lays out an organization's growth pathway through these components. The assessment tool can be used to systematically determine the maturity level of an organization or country.
Collection of tools and resources designed to help address legal barriers and facilitate data sharing while ensuring health agencies and organizations operate within the legal requirements of HIPAA and other laws and regulations.
This document explains the HIPAA rule, in conjunction with the electronic health record.
This guidance addresses the privacy rights individuals have with regard to their personal health information that is held by a public health agency or department.
The ISA is a coordinated online catalog platform of standards and implementation specifications that are available for use by the health IT industry to meet interoperability needs.
This paper explores the legal and policy challenges associated with secondary use of electronic clinical data.
This site provides information on meaningful use and the Health Information Technology for Economic and Clinical Health (HITECH) Act.
This fact sheet provides an overview of four issues that need to be addressed to facilitate adoption of data standards and potential solutions: ineffective coordination between stewards, data standards that do not meet needs of registries, expense of data standard adoption and maintenance, and lack of support from the federal government.
This document adds additional general program guidance related to surveillance, supplementing the "Permanent Certification Program Final Rule".
This article from the Stanford Law Review suggests legislative changes that would assist in the adoption of the electronic health record.
The Precision Medicine Initiative (PMI) aims to move away from the "one-size-fits-all" approach to health care delivery and to instead tailor treatment and prevention strategies to people's unique characteristics, including environment, life style, and genes. The White House released a trust framework for PMI to ensure that PMI data is appropriately secured and protected. This framework includes principles for both privacy and data security.
Taking into consideration the legal requirements of health information security, this guide details the steps that should be taken to secure health information online.
This document, and accompanying toolbox, outline the standards necessary for privacy and security related to electronic health information.
This website provides an overview on the various requirements related to HIPAA, privacy and security, and the responsibilities of providers in protecting patient rights.
This document outlines a series of recommended steps to ensure the security of patient information. It focuses on initiating an electronic health information exchange in New York State.
This report focuses on: research on the types, severity, and frequency of health IT-related events; research on usability and interoperability; and identification and evaluation of tools and interventions intended to avoid the risks of health IT or that use health IT to make care safer.
This report suggests ways of sharing clinical trials data, while minimizing the risks of privacy violation.
This document was developed to help clinicians reduce the regulatory and administrative burden related to the use of health IT, including EHRs.
Conducted during 2009 as part of HISPC, this compendium of five reports details variations in state law, business practices and policy related to privacy and security and the electronic exchange of health information.
Resources on EHR use, guidance, and lessons learned in disaster situations.
The agenda, speaker information, and videos from the June 5-6, 2013 conference in Washington, D.C. are available on this website.
Recordings from the 2014 Health Privacy Summit speaker sessions.
Recordings from the 2015 Health Privacy Summit speaker sessions.
Held on June 6 and 7, 2012, the videos from this conference on the privacy issues raised by emerging health technologies are available for viewing.
A 2016 recorded webinar in which speakers discuss how the federal government is addressing cybersecurity and how healthcare organizations can prepare and plan for cybersecurity incidents.
One-hour on-demand webinar. Registration is required.
The website for this meeting includes slides from contributed papers, including: "Regulatory Challenges and Solutions", "Technical Infrastructure Challenges and Solutions", and "Leveraging EHRs to Advance Research and Improve Healthcare: Challenges and Opportunities".
Registration is required for this one-hour, on demand webinar, which looks at providing clinicians and healthcare providers access to appropriate patient information, while maintaining security of that data.
Videos are available from the 2016 summit, which examined the role of big data in health privacy.
This webinar from August 2011 features presentations which suggest ways in which healthcare providers can protect themselves and their patients from unauthorized data breaches.
This series of videos is designed to assist organizations in performing a risk assessment.
August 13, 2020 1:00pm ET.
Originally aired on September 27, 2016, this webinar discusses the ways in which critical access hospitals can protect their systems from malicious software (malware).
These on-demand videos are designed to assist organizations in preparing their systems for privacy protection in an emergency situation.
An annual summit on patient privacy rights.
This committee meets throughout the year. Meetings are posted with information on connecting to a webcast of the meeting.
This course provides a framework to analyze these concerns as you examine the ethical and privacy implications of collecting and managing big data.
CMS has assembled a variety of resources to assist professionals in obtaining training in the proper use of the electronic health record.
The opportunity to participate in unpaid Federal Information Privacy Intern positions for undergraduate and graduate students is described in the webpage.
This page provides an overview of the careers that have developed to support the implementation of the electronic health record.
Registration is required to utilize this free curriculum. Included in the course are Working with Health IT Systems, Configuring Electronic Health Records, and Planning, Management and Leadership for Health IT.
This issue brief looks at the privacy concerns of consumers related to the electronic health record, as well as concerns regarding paper medical records.
The search strategy covers all aspects of the Electronic Health Record. Subjects include: implementation; attitudes, beliefs and use; data privacy; health data standards; and consumer access to the EHR and personal health records.
The issue of correctly matching the patient to their EHR is the subject of this report, which includes best practices for patient safety and information security.
This area of HealthIT.gov was designed to solicit public input on the Federal Health IT Strategic Plan. Site has been archived, but comments are still available to view.
This collection of links from AHIMA presents an overview on privacy and security related to the electronic health record. A link is provided to their Practice Briefs.
This resource page provides links to reports and other information concerning medical identity theft in the United States.
This website outlines the steps providers and professionals must take to safeguard patient information when working on mobile devices.
Grants related to cybersecurity, some of which relate to health issues.
Funding for research project grant (R01) applications to leverage large-scale, real-world data from electronic health records (EHRs) from a variety of systems to understand risk, onset, course, and impact of treatments and services for mental and neurological disorders and to identify promising new mental health and neurological disorders research.
A competition for state and community leaders in the aging and disability network, health care systems, health plans, and health IT vendors to cultivate care coordination by developing and/or optimizing interoperable and scalable technology platforms.
This funding opportunity will address well-documented and fast emerging challenges that inhibit the development, use, and/or advancement of well-designed, interoperable health IT. It is expected to further a new generation of health IT development and inform the innovative implementation and refinement of standards, methods, and techniques for overcoming major barriers and challenges as they are identified.
This funding opportunity announcement (FOA) seeks to support research that examines how health information technology adoption impacts minority health and health disparity populations in access to care, quality of care, patient engagement, and health outcomes.
Funding for research utilizing Mobile Health (mHealth) tools aimed at the improvement of effective patient-provider communication, adherence to treatment and self-management of chronic diseases.
Professional community that improves healthcare by advancing best practices and standards for health information management and the trusted source for education, research, and professional credentialing.
The vision of the Digital Bridge is to improve the health of our nation by enhancing bidirectional information exchange between public health and health care. A first of its kind initiative, the Digital Bridge has created a forum for key decision makers in the public health, health care and health information technology arenas to collaborate and share challenges, opportunities and ideas towards achieving this vision.
The Electronic Health Record (EHR) Reporting Program will provide publicly available, comparative information on certified health IT. The program will reflect input from developers and voluntary input from end users of certified health IT to design reporting criteria that will inform the purchasing and implementation decisions of certified health IT users.
EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values.
Resource to support the adoption of health information technology and the promotion of nationwide health information exchange to improve health care.
IHE USA is a part of the international group, and focuses on fostering consistent information standards.
This organization focuses on the global information privacy community, to assist them in managing and protecting their data.
OCR helps to provide protection from discrimination in health care and social service programs. It also helps to protect the privacy of the health information held by health insurers and certain health care providers.
ONC is the principal federal entity charged with coordination of nationwide efforts to implement and use the most advanced health information technology and the electronic exchange of health information.
A set of tools, podcasts and use cases designed to assist organizations in protecting patient privacy.
Driven by the growing interest in capturing social risk and protective factor data in health care settings, the Gravity Project brings industry leaders together to identify and harmonize social risk and protective factor data for interoperable electronic health information exchange.
This non-profit organization focuses on conducting in-depth research, analysis, and consumer education in the area of privacy.