
National Information Center on Health Services Research and Health Care Technology (NICHSR)

Serving the Information Needs of the Health Services Research Community


Privacy/Security and Research with Electronic Health Records

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules protect individually identifiable health information and grant rights to individuals concerning the privacy and security of their data. Together, these rules and other provisions in HIPAA established the ground rules for widespread use of electronic health records to collect and exchange both administrative and clinical data. These rules have far-reaching implications for all involved in the delivery, payment and study of health services.

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. (Department of Health and Human Services)

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. (Department of Health and Human Services)

The Office for Civil Rights of the U.S. Department of Health and Human Services is responsible for enforcing the HIPAA Privacy Rule and the HIPAA Security Rule, as well as the confidentiality provisions of the Patient Safety and Quality Improvement Act of 2005 (PSQIA) or Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety. OCR also provides up-to-date advice and resources specifically related to HIPAA and Research.

The Office of the National Coordinator for Health Information Technology (ONC) has established a central resource that explains Privacy and Security Policy in the context of the implementation of electronic health data exchange, for both researchers and providers.

Search Queries Using NLM Resources: EHR Privacy / Security

News: EHR Privacy/Security and Research

  • Medical Care Supplement Call for Papers, Health IT to Address Disparities --05-DEC-2017 - (National Institute on Minority Health and Health Disparities (NIMHD), NIH USA, Wolters Kluwer)  Details

    NIMHD is sponsoring a Medical Care supplement on "Addressing Health Disparities through the Utilization of Health Information Technology." Original research papers focused on health information technologies and the science of understanding and improving minority health and reducing health disparities are invited. Papers must be submitted by February 12, 2018.

Data, Tools, and Statistics

  • HIPAA Breach Reporting Tool (HBRT) - (Office for Civil Rights (OCR), HHS USA)  Details

    The HBRT makes available to the public the information that entities covered by HIPAA report to OCR when they are involved in breaches of unsecured protected health information of 500 or more individuals. The tool includes: the name of the entity; state it is located in; number of individuals affected by the breach; date of the breach; type of breach; and location of the breached information.

  • Health IT Playbook - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    This tool is designed for health care providers, practice staff, hospital administrators and others who are implementing a HIT system. Included are chapters on patient engagement, electronic health records, population and public health, privacy and security, patient safety, and value based care.

  • Privacy & Security Training Games - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    Using a game format, this security training module requires users to respond to privacy and security challenges often faced in a typical small medical practice.

  • SAFER Guides - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    The product consists of nine PDF guides in the following areas: High Priority Practice, Organizational Responsibilities, Contingency Planning, System Configuration, System Interfaces, Patient Identification, Computerized Provider Order Entry with Decision Support, Test Results Reporting and Follow Up, and Clinician Communication.

  • Security Risk Assessment - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    Tools and video help an organization assess their security risk.

  • eConsent Toolkit - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    The eConsent Toolkit is designed to assist in supporting meaningful consent. It contains planning resources, educational resources, the story engine tool, and technical resources.

Legislation, Regulation, and Guidance

  • Administrative Simplification Overview - (Centers for Medicare & Medicaid Services (CMS), HHS)  Details

    To reduce paperwork and streamline business processes across the health care system, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Patient Protection and Affordable Care Act (ACA) set national standards for electronic transactions, code sets, and unique identifiers.

  • HIPAA Privacy Rule Information for Researchers - (National Institutes of Health (NIH), HHS)  Details

    Research organizations and researchers may or may not be covered by the HIPAA Privacy Rule. This website provides information on the Privacy Rule for the research community, specifically addressing Clinical Research, Health Services Research, Research Repositories and Databases, Institutional Review Boards, Privacy Boards, Authorizations and Information for Patients.

  • Health Information Privacy: Model Notices - (Office for Civil Rights (OCR), HHS USA, Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    ONC and OCR have announced the creation of model Notices of Privacy Practices for health care providers and health plans to use to communicate with their patients and plan members.

Policy, Position Statements

Guidelines, Journals, and Other Publications

  • 2017 HIMSS Cybersecurity Survey - (Healthcare Information and Management Systems Society (HIMSS))  Details

    An annual survey that assesses cybersecurity breach experiences in healthcare organizations across the nation.

  • Guide to Cyber Threat Information Sharing (2016) - (National Institute of Standards and Technology (NIST), DOC USA)  Details

    This publication provides guidelines for establishing and participating in cyber threat information sharing relationships. This guidance helps organizations establish information sharing goals, identify cyber threat information sources, scope information sharing activities, develop rules that control the publication and distribution of threat information, engage with existing sharing communities, and make effective use of threat information in support of the organization's overall cybersecurity practices.

  • Health Information Privacy, Security, and Your EHR - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    This website provides an overview on the various requirements related to HIPAA, privacy and security, and the responsibilities of providers in protecting patient rights.

  • Health Information Systems Interoperability Maturity Toolkit - (University of North Carolina at Chapel Hill (UNC))  Details

    The kit contains three main pieces: a maturity model, an assessment tool, and a users' guide. The maturity model identifies the major components of HIS interoperability and lays out an organization's growth pathway through these components. The assessment tool can be used to systematically determine the maturity level of an organization or country.

  • How to Use the SAFER Guides - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    This video explains the optimal use of the SAFER guides, which were developed to help organizations conduct self-assessments to optimize the safe use of electronic health records.

  • Interoperability Standards Advisory (ISA) - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    The ISA is a coordinated online catalog platform of standards and implementation specifications that are available for use by the health IT industry to meet interoperability needs.

  • Next Steps to Encourage Adoption of Data Standards for Clinical Registries - (Pew Charitable Trusts USA)  Details

    This fact sheet provides an overview of four issues that need to be addressed to facilitate adoption of data standards and potential solutions: ineffective coordination between stewards, data standards that do not meet needs of registries, expense of data standard adoption and maintenance, and lack of support from the federal government.

  • ONC HIT Certification Program (2013) - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    This document adds additional general program guidance related to surveillance, supplementing the "Permanent Certification Program Final Rule".

  • Precision Medicine Initiative (PMI) Data Security Principles Implementation Guide - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    The Precision Medicine Initiative (PMI) aims to move away from the "one-size-fits-all" approach to health care delivery and to instead tailor treatment and prevention strategies to people's unique characteristics, including environment, life style, and genes. The White House released a trust framework for PMI to ensure that PMI data is appropriately secured and protected. This framework includes principles for both privacy and data security.

  • Report of the Evidence on Health IT Safety and Interventions: Final Report (2016) - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    This report focuses on research on the types, severity, and frequency of health IT-related events; research on usability and interoperability; and identification and evaluation of tools and interventions intended to avoid the risks of health IT or that use health IT to make care safer.

  • Using Electronic Health Data for Community Health (November 2017) - (Johns Hopkins University, Bloomberg School of Public Health, de Beaumont Foundation USA)  Details

    Report provides public health departments with a framework that will allow them to request data from hospitals and health systems in order to move the needle on critical public health challenges.

Webinars / Meetings

Upcoming Meetings / Webinars

  • Emergency Ready - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    These on-demand videos are designed to assist organizations in preparing their systems for privacy protection in an emergency situation.

  • HIMSS18 - (Healthcare Information and Management Systems Society (HIMSS))  Details

    March 5-9, 2018; Las Vegas, NV.

  • Journey to HIMSS18 Webinar Series - (Healthcare Information and Management Systems Society (HIMSS))  Details

    November 28, 2017-February 27, 2018. Journey to HIMSS18 - a new series of complimentary webinars - offers you the opportunity to get a heads-up on what's new, what to expect, hot topics to explore, and how to plan your agenda for HIMSS18.

  • Upcoming Privacy and Security Meetings - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    This committee meets throughout the year. Meetings are posted with information on connecting to a webcast of the meeting.

Archived Meetings / Webinars

Past meetings with available web content

  • Cybersecurity and Healthcare Facilities - (Office of the Assistant Secretary for Preparedness and Response (ASPR), HHS)  Details

    A 2016 recorded webinar in which speakers discuss how the federal government is addressing cybersecurity and how healthcare organizations can prepare and plan for cybersecurity incidents.

  • eHealth Events - (Centers for Medicare & Medicaid Services (CMS), HHS)  Details

    Upcoming and past eHealth webinars to educate the health care community about eHealth programs and resources available to help align health information technology (Health IT) and electronic standards programs.

  • Electronic Health Records Research Symposium August 2, 2012 - (University of Cincinnati. Center for Clinical and Translational Science and Training USA)  Details

    The website for this meeting includes slides from contributed papers, including: "Regulatory Challenges and Solutions", "Technical Infrastructure Challenges and Solutions", and "Leveraging EHRs to Advance Research and Improve Healthcare: Challenges and Opportunities".

  • Security Risk Assessment Videos - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    This series of videos is designed to assist organizations in performing a risk assessment.

Education

  • Educational Resources - (Centers for Medicare & Medicaid Services (CMS), HHS)  Details

    CMS has assembled a variety of resources to assist professionals in obtaining training in the proper use of the electronic health record.

  • HIM Professional Roles in E-HIM - (American Health Information Management Association (AHIMA))  Details

    This page provides an overview of the careers that have developed to support the implementation of the electronic health record.

  • ONC HIT Curriculum Overview - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    Registration is required to utilize this free curriculum. Included in the course are Working with Health IT Systems, Configuring Electronic Health Records, and Planning, Management and Leadership for Health IT.

Special Issues

  • Mobile Health Privacy & Security - (Healthcare Information and Management Systems Society (HIMSS))  Details

    A resource list of information related to the issues surrounding security within the mobile environment is provided.

  • Patient Identification and Matching: Final Report (2014) - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    The issue of correctly matching the patient to their EHR is the subject of this report, which includes best practices for patient safety and information security.

  • Planning Room - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    This area of HealthIT.gov was designed to solicit public input on the Federal Health IT Strategic Plan.

  • Privacy & Security - (American Health Information Management Association (AHIMA))  Details

    This collection of links from AHIMA presents an overview on privacy and security related to the electronic health record. A link is provided to their Practice Briefs.

  • Privacy and Security - (Healthcare Information and Management Systems Society (HIMSS))  Details

    This website discusses the work of the various work groups within the organization dealing with privacy issues.

Grants

  • Data Science Research: Personal Health Libraries for Consumers and Patients (R01) - (National Library of Medicine (NLM), NIH USA)  Details

    NLM seeks applications for novel informatics and data science approaches that can help individuals gather, manage and use data and information about their personal health. A goal of this program is to advance research and application by patients and the research community through broadly sharing the results via publication, and through open source mechanisms for data or resource sharing.

  • Health Information Technology (IT) to Improve Health Care Quality and Outcomes (R21) - (Agency for Healthcare Research and Quality (AHRQ), HHS)  Details

    This FOA issued by AHRQ invites grant applications for funding to conduct exploratory and developmental research grants (R21) for projects in the early and conceptual stages of development that will contribute to the evidence base of how health information technology (IT) improves health care quality and outcomes.

  • Secure API Server Showdown Challenge - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    The Secure API Server Showdown Challenge invites interested stakeholders to build a secure, Health Level 7 (HL7®) Fast Healthcare Interoperability Resources (FHIR®) server using current industry technical standards, best practices, and recently issued healthcare-specific implementation guide requirements.

  • Health IT Adoption Programs - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    This website outlines IT adoption programs that can provide funding for EHR adoption.

Key Organizations

  • All of Us Research Program - (National Institutes of Health (NIH), HHS)  Details

    The All of Us Research Program is a historic effort to gather data from one million or more people living in the United States to accelerate research and improve health. By taking into account individual differences in lifestyle, environment, and biology, researchers will uncover paths toward delivering precision medicine.

  • American Health Information Management Association (AHIMA) - (American Health Information Management Association (AHIMA))  Details

    Professional community that improves healthcare by advancing best practices and standards for health information management and the trusted source for education, research, and professional credentialing.

  • Digital Bridge - (Public Health Informatics Institute (PHII), Robert Wood Johnson Foundation (RWJF))  Details

    The vision of the Digital Bridge is to improve the health of our nation by enhancing bidirectional information exchange between public health and health care. A first of its kind initiative, the Digital Bridge has created a forum for key decision makers in the public health, health care and health information technology arenas to collaborate and share challenges, opportunities and ideas towards achieving this vision.

  • Electronic Privacy Information Center (EPIC) Details

    EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values.

  • HealthIT.gov - (Office of the National Coordinator for Health Information Technology (ONC), HHS)  Details

    Resource to support the adoption of health information technology and the promotion of nationwide health information exchange to improve health care.

  • IHE USA Details

    IHE USA is a part of the international group, and focuses on fostering consistent information standards.

  • Office for Civil Rights - (U.S. Department of Health and Human Services (HHS) USA)  Details

    OCR helps to provide protections from discrimination in health care and social service programs. It also helps to protect the privacy of the health information held by health insurers and certain health care providers.

  • World Privacy Forum Details

    This non-profit organization focuses on conducting in-depth research, analysis, and consumer education in the area of privacy.