The Office of the National Coordinator for Health IT (ONC) released an updated version of the 2011 Guide to Privacy and Security of Electronic Health Information (Guide). The 62-page Guide provides significant guidance to providers and is specifically geared to providers who are "Eligible Professionals" under the Meaningful Use regulations. However, all covered entities and business associates will benefit from the information provided in the Guide.
ONC states that the goal of the Guide is to enable such providers to "better understand how to integrate federal health information privacy and security requirements into their practices. This new version of the Guide provides updated information about compliance with the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs' privacy and security requirements as well as the HIPAA Privacy, Security, and Breach Notification Rules."
The Guide examines issues including cybersecurity, EHR technology features, and examples of real-world application of the HIPAA Privacy and Security Rules. The release addresses heightened security concerns about health care data following this year's high-profile cyberattacks on large health plans. The Guide also provides a handy link to other guidance, including information on mobile devices and on common questions such as texting and email use.
In addition, the Guide offers examples designed to assist providers in understanding whether someone is or is not a Business Associate.
As we await the second round of OCR audits, which are coming very soon, providers would be well served by reading and understanding the Guide. If you have questions about the updated Guide or concerns about privacy and information security for your business, please contact the Baker Donelson attorney with whom you regularly work or a member of the Privacy and Information Security Team.