The HHS Office of the National Coordinator for Health Information Technology (“ONC”) recently released a new and improved version 2.0 of its Guide to Privacy and Security of Electronic Health Information. This revamped version has been reorganized and rewritten to be more user-friendly for small organizations addressing federal privacy and security requirements for their practices. Though the Guide is targeted to small providers, providers of all sizes, and their business associates, will find it useful.
The Guide provides a general overview of the HIPAA Privacy and Security Rules and the EHR Incentive Programs, and gives pragmatic advice in areas including:
- How to identify whether a contractor is a Business Associate under HIPAA;
- When patient authorizations are and are not required to disclose protected health information (“PHI”);
- Questions to ask EHR health IT developers about security; and
- How to implement a security management process to address the security requirements of the EHR Incentive Programs.
In addition to the Guide, providers can use the HIPAA compliance and training tools developed by ONC and the Office for Civil Rights (“OCR”) to assess their current privacy and security practices, including the security risk assessment tool, the HIPAA Phase I audit protocol, and ONC’s privacy and security training games.