A key component of building trust is ensuring the privacy and security of all health information. If anyone in a network lacks trust in the exchange of information due to risks, it could affect their willingness to disclose necessary health information and could have life-threatening consequences. To help patients understand their privacy and security rights under HIPAA, visit or refer patients to the HHS Office for Civil Rights: http://www.hhs.gov/ocr/privacy

The Health Information Technology for Economic and Clinical Health (HITECH) Act under the American Recovery and Reinvestment Act (ARRA) of 2009 established a set of incentives and penalties for adoption and use of certified EHR systems. The ultimate vision is to improve the quality of care and the value of American health care. (Learn More: https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/downloads/FAQsRemediatedandRevised.pdf)
Your practice, not your EHR vendor, is responsible for taking the steps needed to protect the confidentiality, integrity, and availability of health information in your EHR and comply with The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules and CMS’ Meaningful Use requirements.

The four main steps in implementing a privacy and security plan are:

• Preparation
• Risk Analysis and Action Plan
• Risk Management
• Meaningful Use


