Customer Support: 800-526-4902
 
Sign In Contact Us
Home > Legal Library > Article




Join Matindale-Hubbell Connected

New ONC Guide Helps Physicians Understand HIT Privacy, Security Issues




by:
Bruce D. Armon
Andrew J. Siegel
Saul Ewing LLP - Philadelphia Office

 
May 29, 2012

Previously published on May 2012

Summary
The federal government has released a comprehensive guide to help healthcare professionals understand the role of privacy and security when implementing health information technology.

On May 8, 2012, the HHS Office of the National Coordinator for Health Information Technology (ONC) released its "Guide to Privacy and Security of Health Information" (the "Guide") to help medical practices and their staffs better understand the roles of privacy and security in using electronic health records (EHR) and implement best practices in protecting patient information.

Medical practices participating in the Medicare and Medicaid EHR Incentive Program should be aware of the HIPAA privacy and security provisions included in the Stage 1 meaningful use requirements. This includes Core Objective & Measure 12, which requires medical practices to provide patients with an electronic copy of their health information upon request; and Core Objective & Measure 15, which requires medical practices to protect electronic health information created or maintained by certified EHR technology through the implementation of appropriate technical capabilities.

The 47-page Guide, available at http://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf, provides direction for satisfying the meaningful use standards, as well as advice on working with health information technology vendors, a checklist for risk management in medical practices and a useful compendium of available privacy and security tools and resources.

The Guide also includes a 10-step privacy and security plan for medical practices. There are recommendations for selecting a security officer, conducting risk analysis, developing an action plan to manage and mitigate identified risks and educating staff and communicating with patients. For those medical practices that have yet to establish EHR systems, the Guide includes a helpful chart showing the different risks associated with office-based and Internet-hosted systems.

Medical practices should review the Guide to better understand HIPAA and meaningful use requirements and to educate their staff on proper ways to manage electronic health information. The Guide should also serve as a reminder to healthcare professionals to take the opportunity to continually monitor and evaluate their practice's HIPAA compliance.



 

The views expressed in this document are solely the views of the author and not Martindale-Hubbell. This document is intended for informational purposes only and is not legal advice or a substitute for consultation with a licensed legal professional in a particular case or circumstance.
 

View More Library Documents By...

 
Practice Area
 
Health Care
 
Saul Ewing LLP Overview


 

Practice Area Resource Centers
Visit our Practice Area Resource Centers to view practice area specific content compiled from a variety of legal sources. Find related articles, podcasts, industry leader insights and much more. We currently offer the following Practice Areas:Litigation;Intellectual Property;Real Estate;Corporate Law;Criminal Law;Bankruptcy;Immigration;Business Law;Insurance;Taxation;Labor & Employment;Commercial Law;Medical Malpractice;Trusts & Estates;Securities;International Law ;Health Care;Environmental Law;Construction Law;Workers' Compensation
Printer Friendly Version
Featured Services
About Us
LexisNexis© Digital Network
Follow Us

Terms & Conditions | Privacy | Copyright © 2013 LexisNexis, a division of Reed Elsevier Inc. All rights reserved.