Protecting patients’ privacy and securing their health information is a core requirement for the U.S. Centers for Medicare and Medicaid incentives programs for electronic health records (EHRs) [1]. Further, effective privacy and security measures protect your clinical practice from potential Health Insurance Portability and Accountability Act of 1996 (HIPAA) civil and criminal liabilities [2]. Currently, your practice may have some privacy and security measures in place, such as private exam rooms, a notice of privacy practices, or a secure way to transmit patient information for billing.
Ensuring privacy and security of health information, including information in electronic health records (EHR), is a key component to building the trust required to realize the potential benefits of electronic health information exchange. If individuals and other participants in a network lack trust in electronic exchange of information due to perceived or actual risks to electronic health information or the accuracy and completeness of such information, it may affect their willingness to disclose necessary health information and could have life-threatening consequences.
Your practice, not your EHR vendor, is responsible for taking the steps needed to protect the confidentiality, integrity, and availability of health information in your EHR and comply with HIPAA Rules and CMS [3] Meaningful Use requirements.
Here’s a link to “privacy-and-security-guide.pdf” in my Dropbox: