National Information Center on Health Services Research and Health Care Technology (NICHSR)
Serving the Information Needs of the Health Services Research Community
Privacy/Security and Research with Electronic Health Records
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules protect individually-identifiable health information and grant rights to individuals concerning the privacy and security of their data. Together, these rules and other provisions in HIPAA established the ground rules for widespread use of electronic health records to collect and exchange both administrative and clinical data. These rules have far-reaching implications for all involved in the delivery, payment and study of health services.
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. (Department of Health and Human Services)
The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. (Department of Health and Human Services)
The Office for Civil Rights of the U.S. Department of Health and Human Services is responsible for enforcing the HIPAA Privacy Rule and the HIPAA Security Rule, as well as the confidentiality provisions of the Patient Safety and Quality Improvement Act of 2005 (PSQIA) or Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety. OCR also provides up-to-date advice and resources specifically related to HIPAA and Research.
The Office of the National Coordinator for Health Information Technology (ONC) has established a central resource that explains Privacy and Security Policy in the context of the implementation of electronic health data exchange, for both researchers and providers.
- eConsent Toolkit - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - The eConsent Toolkit is designed to assist in supporting meaningful consent. It contains planning resources, educational resources, the story engine tool, and technical resources.
- Glossary of Public Health Informatics Organizations, Activities, and Terms - (National Association of County and City Health Officials (NACCHO)) - This is a glossary of Public Health informatics organizations, activities, and terms.
- The HIMSS Health IT Value Suite - (Health Information Management Systems Society (HIMSS)) - This is a growing database of use studies related to health IT.
- HIPAA: General Information - (Centers for Medicare & Medicaid Services (CMS)) - CMS provides information on the Health Insurance Portability and Accountability Act of 1996, with links to important materials necessary for understanding and compliance.
- Privacy & Security Training Games - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - Using a game format, this security training module requires users to respond to privacy and security challenges often faced in a typical small medical practice.
- Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule - (Department of Health and Human Services (HHS) U.S.) - The Office of Civil Rights has assembled methods for de-identification of covered information.
- "Health Information Technology for Economic and Clinical Health Act" or the "HITECH Act" - (Office of Civil Rights, HHS (OCR) USA) - This presents the full text of the HITECH Act from February 17, 2009.
- Health Information Technology: Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, 2014 Edition; Revisions to the Permanent Certification Program for Health Information Technology - (Department of Health and Human Services (HHS) U.S.) - The Final Rule contains standards for Privacy and Security Certification and on the technical capabilities and implementation standards for the EHR.
- HIPAA Privacy Rule Information for Researchers - (National Institutes of Health (NIH)) - Research organizations and researchers may or may not be covered by the HIPAA Privacy Rule. This website provides information on the Privacy Rule for the research community, specifically addressing Clinical Research, Health Services Research, Research Repositories and Databases, Institutional Review Boards, Privacy Boards, Authorizations and Information for Patients.
- Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act - (Department of Health and Human Services (HHS) U.S.) - Issued in 2013, the Final Rule related to HIPAA, specifically on the establishment of national standards for the electronic transmission of certain health information, is available.
- Personal Health Records and Personal Health Record Systems: A Report and Recommendations from the National Committee on Vital and Health Statistics - (National Committee on Vital and Health Statistics (NCVHS) USA) - This report from 2006 contains detailed chapters on privacy and security.
- Approaches to Using Protected Health Information (PHI) for Patient-Centered Outcomes Research (PCOR): Regulatory Requirements, De-identification Strategies, and Policy - (AcademyHealth) - This brief describes current regulations regarding personal health information and common challenges researchers face in using PHI.
- Electronic Health Records and Respect for Patient Privacy: A Prescription for Compatibility - (Vanderbilt University USA) - In a journal article from the Vanderbilt Journal of Entertainment and Technical Law, the legal issues surrounding the electronic health record are examined.
- For the Record: Protecting Electronic Health Information - (National Academies Press (NAP)) - This book from 1997 discusses the major privacy and security concerns that the electronic health record creates and posits ways of protecting this information.
- Guide to Privacy and Security of Health Information - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - This guideline presents a step-by-step analysis of the procedures necessary for safeguarding the electronic health record.
- Guidelines for Defining the Legal Health Record for Disclosure Purposes - (North Dakota Health Information Technology USA) - This document details the various components of the electronic health record. It specifies what constitutes the legal health record.
- Guidelines for EHR Documentation to Prevent Fraud - (American Health Information Management Association (AHIMA)) - This guideline suggests ways in which developers can create systems for the prevention of fraud using electronic health records. It includes case studies and a detailed resources list.
- The Health Information Security and Privacy Collaboration (HISPC) Reports on State Law, Business Practices, and Policy Variations - (Department of Health and Human Services (HHS) U.S.) - Conducted during 2009 as part of HISPC, this compendium of five reports details variations in state law, business practices and policy related to privacy and security and the electronic exchange of health information.
- Health IT Adoption Toolbox: Privacy and Security - (Health Resources and Services Administration (HRSA)) - This module is available to assist healthcare agencies in setting up appropriate security for their electronic medical record systems.
- HIPAA Basics: Medical Privacy in the Electronic Age - (Privacy Rights Clearinghouse USA) - This document explains the HIPAA rule, in conjunction with the electronic health record.
- The HIPAA Privacy Rule and Electronic Health Information Exchange in a Networked Environment - (Office of Civil Rights, HHS (OCR) USA) - This addendum to "Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information" examines the need for trust in the use of the electronic health record.
- Keeping Health Information Private and Secure: New Initiatives and Tools - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - This presentation, from the 2012 ONC Annual Meeting, held on December 12, 2012, outlines information related to security breaches, privacy practices, and security audits.
- Legal and Policy Challenges to Secondary Uses of Information from Electronic Clinical Health Records - (AcademyHealth) - This paper explores the legal and policy challenges associated with secondary use of electronic clinical data.
- The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - This document, and accompanying toolbox, outline the standards necessary for privacy and security related to electronic health information.
- The Need to Know: Addressing Concerns about Privacy and Personal Health Records - (Robert Wood Johnson Foundation (RWJF)) - This ePrimer looks at health policymaker implications for personal health record privacy.
- ONC HIT Certification Program - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - This document adds additional general program guidance related to surveillance, supplementing the "Permanent Certification Program Final Rule".
- Paving the Regulatory Road to the "Learning Health Care System" - (Stanford University) - This article from the "Stanford Law Review" suggests legislative changes that would assist in the adoption of the electronic health record.
- Perceptions of Electronic Health Records and Their Effect on the Quality of Care: Results from a Survey of Patients in Four States - (Mathematica Policy Research, Inc.) - This report on patient attitudes towards the electronic health record looks at perceptions of EHRs, their effect on the patient-provider relationship, quality of care, and views toward data security and confidentiality.
- Privacy, Security, and Electronic Health Records - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - This website provides an overview on the various requirements related to HIPAA, privacy and security, and the responsibilities of providers in protecting patient rights.
- Protecting Patient Privacy: Strategies for Regulating Electronic Health Records Exchange - (New York Civil Liberties Union (NYCLU) USA) - This document outlines a series of recommended steps to ensure the security of patient information. It focuses on initiating an electronic health information exchange in New York State.
- Security Audits of Electronic Health Information (Updated) - (American Health Information Management Association (AHIMA)) - Taking into consideration the legal requirements of health information security, this guide details the steps that should be taken to secure health information online.
- Value case for the use of electronic health records in clinical research: processes to support core research data element exchange - (American National Standards Institute (ANSI) USA) - This document outlines the core research data elements necessary for research participants. It also notes the security issues of these data elements.
Archived Meetings / Webinars
- 2011 International Summit on the Future of Health Privacy: Getting IT Right: Protecting Patient Privacy Rights in a Wired World - Videos are available from the 2011 summit, which examined the new initiative to create a health information technology infrastructure and the secondary uses that this data would have.
- 2012 ONC Annual Meeting: Webcast Archive - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - Held on December 12, 2012, this meeting has made 9 webcasts available.
- 2013 International Summit on the Future of Health Privacy: The Value of Health Data vs. Privacy: How Can the Conflict Be Resolved? - The agenda, speaker information, and videos from the June 5-6, 2013 conference in Washington, D.C. are available on this website.
- 2nd International Summit on the Future of Health Privacy: Is There an American Health Privacy Crisis? - Held on June 6 and 7, 2012, the videos from this conference on the privacy issues raised by emerging health technologies are available for viewing.
- Electronic Health Records Research Symposium August 2, 2012 - (University of Cincinnati. Center for Clinical and Translational Science and Training USA) - The website for this meeting includes slides from contributed papers, including: "Regulatory Challenges and Solutions", "Technical Infrastructure Challenges and Solutions", and "Leveraging EHRs to Advance Research and Improve Healthcare: Challenges and Opportunities".
- HIPAA/HITECH Privacy and Security Standards Breach Notification Compliance and Meaningful Use Incentives - (Rhode Island Quality Institute USA) - This webinar from August of 2012 looks at regulations from HIPAA to HITECH and how these impact on meaningful use. The video also discusses special conditions that impact on privacy concerns.
- Mobile Device Privacy and Security Issues Webinar - (Robert Wood Johnson Foundation (RWJF)) - The presentation and transcript from this January 26, 2011 webinar are available for viewing.
- Mobile Devices Roundtable: Safeguarding Health Information - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - Held in March of 2012, this roundtable discusses security and privacy issues surrounding the use of EHRs on mobile devices.
- Past CMS eHealth Provider Webinars - (Centers for Medicare & Medicaid Services (CMS)) - Series of eHealth webinars to educate the health care community about eHealth programs and resources available to help align health information technology (Health IT) and electronic standards programs.
- Privacy and Security: What Questions Should You Ask Your Vendor? - (Health Resources and Services Administration (HRSA)) - This webinar from August 2011 features presentations which suggest ways in which healthcare providers can protect themselves and their patients from unauthorized data breaches.
- Protecting your Practice and Patients Webinar - (Wide River Technology Extension Center USA) - This Adobe Connect webinar and accompanying pdf document outline the steps necessary to protect the electronic patient record.
- Webinar Recordings - (West Virginia Regional Health Information Technology Extension Center (WV RHITEC) USA) - This series of webinars looks at various aspects surrounding security and privacy of the electronic health record.
Upcoming Meetings / Webinars
- HIMSS 2014 - (Health Information Management Systems Society (HIMSS)) - Registration is open for the Annual Meeting, being held February 23-27, 2014 in Orlando, Florida.
- HIMSS14 - (Health Information Management Systems Society (HIMSS)) - The Annual Conference will be held February 23-27, 2014 in Orlando, FL.
- HRSA Webinars - (Health Resources and Services Administration (HRSA)) - Health IT and Quality webinars are technical assistance for HRSA grantees and other safety net providers.
- IHE World Summit, 2014 - The meeting will be held in Orlando, FL from February 19-21, 2014. The meeting will cover such issues as interoperability, standards, privacy and security, testing and conformity assessment, efficient implementation and sustainability.
- Educational Resources - (Centers for Medicare & Medicaid Services (CMS)) - CMS has assembled a variety of resources to assist professionals in obtaining training in the proper use of the electronic health record.
- Federal Information Privacy Internship Program - (Food and Drug Administration (FDA) U.S.) - The opportunity to participate in unpaid Federal Information Privacy Intern positions for undergraduate and graduate students is described in the webpage.
- Health Information Privacy and Security: A 10 Step Plan - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - This outline looks at the steps needed to properly educate staff about proper security methods for the electronic health record.
- HIM Professional Roles in E-HIM - (American Health Information Management Association (AHIMA)) - This page provides an overview of the careers that have developed to support the implementation of the electronic health record.
- Ensuring Security of High-Risk Information in EHRs - (American Health Information Management Association (AHIMA)) - This discussion of EHRs concentrates on the security needed for high-risk populations: minors, high-profile patients, and patients with conditions that may place them into uncomfortable positions.
- The Medical Identity Theft Information Page - (World Privacy Forum (WPF)) - This resource page provides links to reports and other information concerning medical identity theft in the United States.
- Mobile Health Privacy & Security - (Health Information Management Systems Society (HIMSS)) - A resource list of information related to the issues surrounding security within the mobile environment is provided.
- Planning Room - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - This area of HealthIT.gov was designed to solicit public input on the Federal Health IT Strategic Plan.
- Privacy & Security - (American Health Information Management Association (AHIMA)) - This collection of links from AHIMA presents an overview on privacy and security related to the electronic health record. A link is provided to their Practice Briefs.
- Privacy and Security - (Healthcare Information and Management Systems Society) - This website discusses the work of the various work groups within the organization dealing with privacy issues.
- What Issues are Unique to HIV/AIDS Care with Respect to Health IT? - (Health Resources and Services Administration (HRSA)) - Conditions such as HIV/AIDS present special security issues when safeguarding the EHR. This paper discusses some of the problems facing Health IT in regards to this condition.
- Your Mobile Device and Health Information Privacy and Security - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - This website outlines the steps providers and professionals must take to safeguard patient information when working on mobile devices.
- Cyberinfrastructure Training, Education, Advancement, and Mentoring for Our 21st Century Workforce - (National Science Foundation (NSF) US)
- Health IT Adoption Programs - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - This website outlines IT adoption programs that can provide funding for EHR adoption.
- American Health Information Management Association (AHIMA) - (American Health Information Management Association (AHIMA)) - Professional community that improves healthcare by advancing best practices and standards for health information management and the trusted source for education, research, and professional credentialing.
- Electronic Privacy Information Center (EPIC) - EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values.
- HealthIT.gov - (Office of the National Coordinator for Health Information Technology, HHS (ONC)) - Resource to support the adoption of health information technology and the promotion of nationwide health information exchange to improve health care.
- IHE USA - IHE USA is a part of the international group, and focuses on fostering consistent information standards.
- International Association of Privacy Professionals - This organization focuses on the global information privacy community, to assist them in managing and protecting their data.
- National eHealth Collaborative - This organization is a public-private partnership that enables secure and interoperable nationwide health information exchange to advance health and improve health care.
- Office for Civil Rights - (Department of Health and Human Services (HHS) U.S.) - OCR helps to provide protections from discrimination in health care and social service programs. It also helps to protect the privacy of the health information held by health insurers and certain health care providers.
- Office of the National Coordinator for Health Information Technology - ONC is the principal federal entity charged with coordination of nationwide efforts to implement and use the most advanced health information technology and the electronic exchange of health information.
- Project HealthDesign - (Robert Wood Johnson Foundation (RWJF)) - This national program aims to spark innovation in personal health technology.
- World Privacy Forum - This non-profit organization focuses on conducting in-depth research, analysis, and consumer education in the area of privacy.