National Information Center on Health Services Research and Health Care Technology (NICHSR)


Serving the Information Needs of the Health Services Research Community



Privacy/Security and Research with Electronic Health Records

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules protect individually identifiable health information and grant rights to individuals concerning the privacy and security of their data. Together, these rules and other provisions in HIPAA established the ground rules for widespread use of electronic health records to collect and exchange both administrative and clinical data. These rules have far-reaching implications for all involved in the delivery, payment and study of health services.

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. (Department of Health and Human Services)

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. (Department of Health and Human Services)

The Office for Civil Rights of the U.S. Department of Health and Human Services is responsible for enforcing the HIPAA Privacy Rule and the HIPAA Security Rule, as well as the confidentiality provisions of the Patient Safety and Quality Improvement Act of 2005 (PSQIA) or Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety. OCR also provides up-to-date advice and resources specifically related to HIPAA and Research.

The Office of the National Coordinator for Health Information Technology (ONC) has established a central resource that explains Privacy and Security Policy in the context of the implementation of electronic health data exchange, for both researchers and providers.

EHR Privacy/Security and Research News

Data, Tools, and Statistics

  • eConsent Toolkit - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - The eConsent Toolkit is designed to assist in supporting meaningful consent. It contains planning resources, educational resources, the story engine tool, and technical resources.
  • The HIMSS Health IT Value Suite - (Health Information Management Systems Society (HIMSS))  - This is a growing database of use studies related to health IT.
  • HIPAA: General Information - (Centers for Medicare & Medicaid Services (CMS))  - CMS provides information on the Health Insurance Portability and Accountability Act of 1996, with links to important materials necessary for understanding and compliance.
  • Privacy & Security Training Games - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - Using a game format, this security training module requires users to respond to privacy and security challenges often faced in a typical small medical practice.
  • SAFER: Safer Assurance Factors for EHR Resilience - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - Organized into nine guides, this toolkit allows healthcare organizations to identify recommended practices to optimize the safety and safe use of EHRs. Interactive PDFs can be filled out, saved, and transmitted between team members.
  • Security Risk Assessment - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - Tools and video help an organization assess their security risk.

Legislation, Regulation, and Guidance

  • Health Information Privacy: Model Notices - (Office of Civil Rights, HHS (OCR) USA, Office of the National Coordinator for Health Information Technology, HHS (ONC))  - ONC and OCR have announced the creation of model Notices of Privacy Practices for health care providers and health plans to use to communicate with their patients and plan members.
  • HIPAA Privacy Rule Information for Researchers - (National Institutes of Health (NIH))  - Research organizations and researchers may or may not be covered by the HIPAA Privacy Rule. This website provides information on the Privacy Rule for the research community, specifically addressing Clinical Research, Health Services Research, Research Repositories and Databases, Institutional Review Boards, Privacy Boards, Authorizations and Information for Patients.

Policy, Position Statements

Guidelines, Journals, and Other Publications

  • Guide to Privacy and Security of Health Information (PDF) - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - This guideline presents a step-by-step analysis of the procedures necessary for safeguarding the electronic health record.
  • Guidelines for EHR Documentation to Prevent Fraud - (American Health Information Management Association (AHIMA))  - This guideline suggests ways in which developers can create systems for the prevention of fraud using electronic health records. It includes case studies and a detailed resources list.
  • Health Privacy: HIPAA Basics - (Privacy Rights Clearinghouse USA)  - This document explains the HIPAA rule, in conjunction with the electronic health record.
  • How to Use the SAFER Guides - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - This video explains the optimal use of the SAFER guides, which were developed to help organizations conduct self-assessments to optimize the safe use of electronic health records.
  • ONC HIT Certification Program (PDF) - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - This document adds additional general program guidance related to surveillance, supplementing the "Permanent Certification Program Final Rule".
  • Privacy, Security, and Electronic Health Records - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - This website provides an overview on the various requirements related to HIPAA, privacy and security, and the responsibilities of providers in protecting patient rights.
  • Security Audits of Electronic Health Information (Updated) - (American Health Information Management Association (AHIMA))  - Taking into consideration the legal requirements of health information security, this guide details the steps that should be taken to secure health information online.

Webinars / Meetings

  • Meaningful Use Workgroup - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - From this calendar, access past and upcoming meetings of the Workgroup. Audio and agendas for past meetings are available.

Upcoming Meetings / Webinars

  • HIMSS15 - (Health Information Management Systems Society (HIMSS))  - The meeting will be held Apr 12 - 16, 2015 in Chicago IL.
  • HRSA Webinars - (Health Resources and Services Administration (HRSA))  - Health IT and Quality webinars are technical assistance for HRSA grantees and other safety net providers.
  • The Privacy and Security Forum - (Health Information Management Systems Society (HIMSS))  - A two-day meeting for healthcare executives, the conference is a vendor-neutral peer-to-peer education and networking opportunity.

Archived Meetings / Webinars

  • Electronic Health Records Research Symposium August 2, 2012 - (University of Cincinnati. Center for Clinical and Translational Science and Training USA)  - The website for this meeting includes slides from contributed papers, including: "Regulatory Challenges and Solutions", "Technical Infrastructure Challenges and Solutions", and "Leveraging EHRs to Advance Research and Improve Healthcare: Challenges and Opportunities".
  • Past CMS eHealth Provider Webinars - (Centers for Medicare & Medicaid Services (CMS))  - Series of eHealth webinars to educate the health care community about eHealth programs and resources available to help align health information technology (Health IT) and electronic standards programs.
  • Protecting your Practice and Patients Webinar - (Wide River Technology Extension Center USA)  - This Adobe Connect webinar and accompanying pdf document outline the steps necessary to protect the electronic patient record.
  • Webinar Recordings - (West Virginia Regional Health Information Technology Extension Center (WV RHITEC) USA)  - This series of webinars looks at various aspects surrounding security and privacy of the electronic health record.

Education

  • Educational Resources - (Centers for Medicare & Medicaid Services (CMS))  - CMS has assembled a variety of resources to assist professionals in obtaining training in the proper use of the electronic health record.
  • Federal Information Privacy Internship Program - (Food and Drug Administration (FDA))  - The opportunity to participate in unpaid Federal Information Privacy Intern positions for undergraduate and graduate students is described in the webpage.
  • HIM Professional Roles in E-HIM - (American Health Information Management Association (AHIMA))  - This page provides an overview of the careers that have developed to support the implementation of the electronic health record.
  • ONC HIT Curriculum Overview - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - Registration is required to utilize this free curriculum. Included in the course are Working with Health IT Systems, Configuring Electronic Health Records, and Planning, Management and Leadership for Health IT.

Special Issues

  • Ensuring Security of High-Risk Information in EHRs - (American Health Information Management Association (AHIMA))  - This discussion of EHRs concentrates on the security needed for high-risk populations: minors, high-profile patients, and patients with conditions that may place them into uncomfortable positions.
  • MEDLINE/PubMed Search & Electronic Health Record Information Resources - (National Library of Medicine (NLM) U.S.)  - The search strategy focuses on all aspects of the Electronic Health Record. Subjects include: implementation, attitudes, beliefs and use, data privacy, health data standards and consumer access to the EHR and personal health records.
  • Mobile Health Privacy & Security - (Health Information Management Systems Society (HIMSS))  - A resource list of information related to the issues surrounding security within the mobile environment is provided.
  • Patient Identification and Matching: Final Report (PDF) - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - The issue of correctly matching the patient to their EHR is the subject of this report, which includes best practices for patient safety and information security.
  • Planning Room - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - This area of HealthIT.gov was designed to solicit public input on the Federal Health IT Strategic Plan.
  • Privacy & Security - (American Health Information Management Association (AHIMA))  - This collection of links from AHIMA presents an overview on privacy and security related to the electronic health record. A link is provided to their Practice Briefs.
  • Privacy and Security - (Healthcare Information and Management Systems Society)  - This website discusses the work of the various work groups within the organization dealing with privacy issues.

Grants

  • Health IT Adoption Programs - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - This website outlines IT adoption programs that can provide funding for EHR adoption.

Key Organizations

  • American Health Information Management Association (AHIMA) - (American Health Information Management Association (AHIMA))  - Professional community that improves healthcare by advancing best practices and standards for health information management and the trusted source for education, research, and professional credentialing.
  • Electronic Privacy Information Center (EPIC) - EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values.
  • HealthIT.gov - (Office of the National Coordinator for Health Information Technology, HHS (ONC))  - Resource to support the adoption of health information technology and the promotion of nationwide health information exchange to improve health care.
  • IHE USA - IHE USA is a part of the international group, and focuses on fostering consistent information standards.
  • Office for Civil Rights - (Department of Health and Human Services (HHS) U.S.)  - OCR helps to provide protections from discrimination in health care and social service programs. It also helps to protect the privacy of the health information held by health insurers and certain health care providers.
  • Project HealthDesign - (Robert Wood Johnson Foundation (RWJF))  - This national program aims to spark innovation in personal health technology.
  • World Privacy Forum - This non-profit organization focuses on conducting in-depth research, analysis, and consumer education in the area of privacy.