Skip to content Skip to navigation

ONC Updates its Privacy and Security Guide

April 20, 2015
by Rajiv Leventhal
| Reprints

Last week during the annual Healthcare Information and Management Systems Society (HIMSS) conference, the Office of the National Coordinator for Health IT (ONC) published a revised version of its “Guide to Privacy and Security of Electronic Health Information.”

In the foreword of the guide, ONC says that its intent is to help healthcare providers ―especially Health Insurance Portability and Accountability Act (HIPAA) covered entities (CEs) and Medicare eligible professionals (EPs) from smaller organizations―better understand how to integrate federal health information privacy and security requirements into their practices. The new version of the guide provides updated information about compliance with the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs’ privacy and security requirements as well as the HIPAA Privacy, security, and breach notification rules, says ONC.

In a blog post from Lucia Savage, chief privacy officer, ONC, she says that this is the first step towards fulfilling the commitment the federal agency made in its Interoperability Roadmap— helping individuals, providers, and the health and health IT community better understand how existing federal law, HIPAA, supports interoperable exchange of information for health.

According to Savage’s post, “the guide includes practical information on issues like cybersecurity, patient access through certified electronic health record technology (CEHRT), and other EHR technology features available under the 2014 Edition Certification rule. The guide also includes new, practical examples of the HIPAA privacy and security rules in action, to help everyone understand how those rules may impact their businesses and the people they serve.”

The guide additionally offers: many scenarios for anyone who has struggled to understand when someone is or is not a business associate; provides information about when a provider (or any HIPAA-covered entity) is permitted to exchange information about an individual for treatment, payment, or healthcare operations without being required to have the individual sign a piece of paper before the exchange occurs; and provides practical tips and information about security, Savage said.



McKesson Unveils New Paragon Electronic Health Record Platform

McKesson Enterprise Information Solutions (EIS) announced the latest release of Paragon, its electronic health record (EHR) solution.

Catholic Health Initiatives and Dignity Health are in Merger Talks

Englewood, Colorado-based health system Catholic Health Initiatives is in merger talks with San Francisco-based Dignity Health to potentially create one of the largest nonprofit health systems by revenue in the country.

OSU Wexner Medical Center Receives AHIMA Grace Award

The Ohio State University Wexner Medical Center (OSUWMC) received the American Health Information Management Association (AHIMA) annual Grace Award in recognition of its leadership in health information management.

Kansas Health Information Network Expands its Network across State Lines

The Kansas Health Information Network (KHIN) has announced that it is expanding its horizons, and is now connected to Health Information Exchange Texas (HIETexas).

CMS Selects Vendor to Modernize Critical Identity Infrastructure

The Centers for Medicare & Medicaid Services (CMS) last week announced it had selected San Francisco-based vendor Okta to enhance the security of its information systems.

Mayo Clinic, ASU Partner for Medical Education, Healthcare Innovation

The Mayo Clinic and Arizona State University have announced a partnership centered on transforming medical education and healthcare in the U.S. through a variety of innovation efforts.