The ONC has released a 47-page Guide to Privacy and Security of Health Information. The guide is a collaboration between the ONC’s Office of the Chief Privacy Officer and the American Health Information Management Association (AHIMA) Foundation.
The Guide includes sections on Meaningful Use, security risk analysis, working with health IT vendors and a section titled Privacy and Security – A 10 step guide to Meaningful Use.
The guide combines some fairly dense security information with easy-to-understand sections like these “Health Information Security Quick Tips”:
- Prevent Unauthorized or Inappropriate Access: Issue unique user names and passwords to everyone who will use the EHR (if accessed this way) to help prevent unauthorized or inappropriate access to patient information and system controls. If your EHR has the capability, associate access levels with specific roles (e.g., “attending physician”, “medical assistant”).
- Use Encryption Technology: Whether an EHR is locally installed or accessed over the Internet, encryption technology can protect patient health information from being read by unauthorized parties when it is transmitted, or stored on any device, including mobile devices. Encrypting PHI puts information in a coded form that can only be read by an authorized user who has a “key.”
- Back Up Your System: To keep information available when and where it is needed, plan for backing up your EHR system and for recovering the system in the event of an incident, such as fire, cyber-attack, or natural disaster.
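The first tip (unique accounts, with access levels tied to roles rather than to individuals) is the one most often implemented badly, so here is an added example of what "associate access levels with specific roles" looks like in code. This is illustrative code written for this post, not from the ONC guide or any EHR product; the role names, permission names and patient identifiers are constructed for the example. It applies deny-by-default (an unknown role grants nothing), keeps the administrator role out of clinical data so duties stay separated, and records every authorization decision, allowed or denied, under the individual's unique username so that inappropriate access can actually be traced to a person afterwards.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, FrozenSet, List, Tuple


class Permission(Enum):
    """Actions on protected health information (PHI) or on the system itself."""
    VIEW_RECORD = "view_record"
    EDIT_RECORD = "edit_record"
    PRESCRIBE = "prescribe"
    ADMIN_USERS = "admin_users"


# Hypothetical role-to-permission map. Access levels are attached to roles,
# never to individual people; a person receives a role and inherits its level.
# The "sysadmin" role manages accounts but deliberately has no PHI access.
ROLE_PERMISSIONS: Dict[str, FrozenSet[Permission]] = {
    "attending_physician": frozenset(
        {Permission.VIEW_RECORD, Permission.EDIT_RECORD, Permission.PRESCRIBE}
    ),
    "medical_assistant": frozenset({Permission.VIEW_RECORD}),
    "sysadmin": frozenset({Permission.ADMIN_USERS}),
}


@dataclass(frozen=True)
class User:
    username: str          # unique per individual; shared logins defeat the audit trail
    roles: FrozenSet[str]  # zero or more role names from ROLE_PERMISSIONS


# Audit entry: (username, permission, patient_id, allowed)
AuditEntry = Tuple[str, str, str, bool]


@dataclass
class AccessControl:
    audit_log: List[AuditEntry] = field(default_factory=list)

    def permissions_for(self, user: User) -> FrozenSet[Permission]:
        """Union of the permissions of every role the user holds.
        A role name that is not in the map contributes nothing (deny by default)."""
        granted = set()
        for role in user.roles:
            granted |= ROLE_PERMISSIONS.get(role, frozenset())
        return frozenset(granted)

    def authorize(self, user: User, permission: Permission, patient_id: str) -> bool:
        """Decide whether `user` may perform `permission` on `patient_id`,
        and log the decision either way so denials are visible to reviewers."""
        allowed = permission in self.permissions_for(user)
        self.audit_log.append((user.username, permission.value, patient_id, allowed))
        return allowed

    def denied_attempts(self) -> List[AuditEntry]:
        """Entries worth a second look: every request that was refused."""
        return [entry for entry in self.audit_log if not entry[3]]


def demo() -> AccessControl:
    """Run a few constructed requests through the model and return the control
    object so the audit log can be inspected."""
    ac = AccessControl()
    dr_lee = User("dr.lee", frozenset({"attending_physician"}))
    ma_chen = User("ma.chen", frozenset({"medical_assistant"}))
    admin = User("it.ops", frozenset({"sysadmin"}))
    contractor = User("temp.contractor", frozenset({"vendor_support"}))  # role not defined

    patient = "PT-0001"  # constructed identifier
    ac.authorize(dr_lee, Permission.PRESCRIBE, patient)     # allowed
    ac.authorize(ma_chen, Permission.VIEW_RECORD, patient)  # allowed
    ac.authorize(ma_chen, Permission.EDIT_RECORD, patient)  # denied: beyond the role
    ac.authorize(admin, Permission.VIEW_RECORD, patient)    # denied: admins see no PHI
    ac.authorize(contractor, Permission.VIEW_RECORD, patient)  # denied: unknown role
    return ac


if __name__ == "__main__":
    control = demo()
    for entry in control.audit_log:
        user, perm, pid, ok = entry
        print(f"{user:16} {perm:12} {pid}  {'ALLOW' if ok else 'DENY'}")
    print(f"{len(control.denied_attempts())} denied attempts to review")
```

The point of the `denied_attempts` view is that role-based access only helps if someone periodically looks at what was refused; a medical assistant repeatedly trying to edit records, or a contractor account with no assigned role probing patient data, shows up there even though nothing was disclosed.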
The Guide is packed with information and is a must-read for anyone tasked with securing health information.