- ONC Releases Privacy and Security Guidance Geared Toward Small Providers
- May 25, 2015
- Law Firm: Mintz Levin Cohn Ferris Glovsky Popeo P.C. - Boston Office
- The HHS Office of the National Coordinator for Health Information Technology (“ONC”) recently released a new and improved version 2.0 of their Guide to Privacy and Security of Electronic Health Information. This revamped version has been reorganized and rewritten to be more user-friendly for small organizations addressing federal privacy and security requirements for their practices. Though the Guide is targeted to small providers, providers of all sizes, and their business associates, will find it useful.
The Guide provides a general overview of the HIPAA Privacy and Security Rules and the EHR Incentive Programs, and gives pragmatic advice in areas including:
- How to identify whether a contractor is a Business Associate under HIPAA;
- When patient authorizations are and are not required to disclose protected health information (“PHI”);
- Questions to ask EHR health IT developers about security; and
- How to implement a security management process to address the security requirements of the EHR Incentive Programs.
Notably, the Guide does not include information on state privacy laws or state data breach notification laws. Providers should ensure that they are aware of the requirements imposed by the states in which they operate and may find the Mintz Matrix of state data breach notification laws to be a useful starting point.