Resources for Information Security and Privacy in Healthcare
This page provides links to sites containing regulations, guidance, or information on privacy and
security “best practices” for healthcare.
AMERICAN HEALTH INFORMATION MANAGEMENT ASSOCIATION (AHIMA)
The AHIMA is the premier association of health information management professionals.
Privacy, Security, and Confidentiality
http://www.ahima.org/resources/psc.aspx
AHIMA Body of Knowledge
Includes HIPAA, practice briefs, professional tools, research/library tools, careers, and more
http://library.ahima.org/xpedio/groups/public/documents/web_assets/bok_home.hcsp
AGENCY FOR HEALTHCARE RESEARCH AND QUALITY (AHRQ)
The AHRQ mission is to improve the quality, safety, efficiency, and effectiveness of healthcare. AHRQ
was formerly known as the Agency for Health Care Policy and Research.
How to use this website (the site map):
http://www.ahrq.gov/sitemap.htm
AMERICAN RECOVERY AND REINVESTMENT ACT OF 2009 (ARRA)
The ARRA is an economic stimulus package enacted by the 111th US Congress and signed into law by President Barack Obama on February 17, 2009. The act includes federal tax relief, expansion of unemployment benefits, and other social welfare provisions, and domestic spending in education, healthcare, and infrastructure, including the energy sector.
http://www.gpo.gov/fdsys/pkg/PLAW-111publ5/content-detail.html
Relevant privacy and security sections:
Title XIII – health information technology – HITECH
For example: Sec. 13101, ONCHIT; standards development and adoption; Sec. 13400, definition of the
term “breach”; etc.
CERTIFICATION COMMISSION FOR HEALTH INFORMATION TECHNOLOGY (CCHIT)
The CCHIT is a private, nonprofit initiative and a recognized certification body for electronic health records and their networks.
CENTERS FOR MEDICARE & MEDICAID SERVICES (CMS)
Security Standard
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of
1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for the security of electronic healthcare information. The final rule adopting HIPAA standards for security was published in the Federal Register on February 20, 2003. Each standard's implementation specifications are designated as either required or addressable. Note that “addressable” does not mean optional: a covered entity must either implement the specification, document why it is not reasonable and appropriate and implement an equivalent alternative measure where one is, or document why neither applies.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/index.html
HIPAA SECURITY GUIDANCE
Remote Use
This guidance document was prepared with the main objective of reinforcing some of the ways a covered entity may protect EPHI when it is accessed or used outside the organization’s physical purview. It sets forth strategies that may be reasonable and appropriate for organizations that conduct any of their business activities through (1) the use of portable media or devices (such as USB flash drives) that store EPHI, and (2) offsite access to, or transport of, EPHI via laptops, personal digital assistants (PDAs), home computers, or other non-corporate equipment.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/remoteuse.pdf
Risk Analysis
HHS has developed guidance to assist HIPAA covered entities in complying with the risk analysis requirements of the Security Rule. This series of guidance documents helps organizations identify and implement the most effective and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information. The materials are updated annually, as appropriate.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf
HIPAA Security Materials
This area of the CMS site offers guidance and educational materials aimed at implementing HIPAA Security.
· Educational materials
http://cms.hhs.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/EducationMaterials/index.html?redirect=/educationmaterials
· HIPAA general information
· Privacy and security standards
OFFICE OF THE NATIONAL COORDINATOR (ONC)
On April 27, 2004, President Bush issued Executive Order (EO) 13335 “to provide leadership for the development and nationwide implementation of an interoperable health information technology infrastructure to improve the quality and efficiency of health care.”
The Office of the National Coordinator for Health Information Technology (ONC) has worked across the federal government to develop the ONC-coordinated Federal Health IT Strategic Plan (the Plan), which identifies the federal activities necessary to achieve nationwide implementation of this technology infrastructure throughout both the public and private sectors.
http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_govonc/1200
HHS privacy and security toolkit
http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&cached=true&objID=1173
HEALTHCARE INFORMATION AND MANAGEMENT SYSTEMS SOCIETY (HIMSS)
The HIMSS is the healthcare industry’s membership organization exclusively focused on providing global leadership for the optimal use of healthcare information technology and management systems for the betterment of healthcare.
PORTALS AND TOOLS
EHR
Healthcare Information Technology Standards Panel (HITSP)
HIMSS privacy and security toolkit
http://www.himss.org/asp/topics_pstoolkit.asp
Privacy and security for RHIPs/HIEs
http://www.himss.org/asp/topics_FocusDynamic.asp?faid=226
Privacy and security for personal health records
http://www.himss.org/asp/topics_FocusDynamic.asp?faid=225
Privacy and security workgroups, committees, and task forces
http://www.himss.org/ASP/topics_privacy_committees.asp?faid=83&tid=4
Legal and regulatory
http://www.himss.org/asp/topics_focusdynamic.asp?faid=62
Medical identity theft
http://www.himss.org/asp/topics_focusdynamic.asp?faid=281
Medical device security
http://www.himss.org/asp/topics_medicaldevice.asp?faid=289&tid=4
THE HEALTH INFORMATION SECURITY AND PRIVACY COLLABORATION (HISPC)
Established in June 2006 by RTI International, through a contract with HHS, the Health Information Security and Privacy Collaboration (HISPC) originally comprised 34 states and territories. For more information about HISPC’s background, or about what each multistate collaborative is working on, see the links below.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
Founded in 1901, NIST is a non-regulatory federal agency within the US Department of Commerce.
http://www.nist.gov
The computer security division – computer security resource center
Where to start
Readers unfamiliar with the NIST security site will probably wish to review the following two documents:
· Guide to NIST information security documents
http://csrc.nist.gov/publications/CSD_DocsGuide.pdf
· NIST information security document roadmap
http://csrc.nist.gov/publications/CSD_DocsGuide_Trifold.pdf
NIST Special publications
The NIST site has a large repository of guidance documents available to the public. Good starting points for implementing HIPAA:
· An introductory resource guide for implementing the HIPAA Security Rule (SP 800-66 Rev. 1)
http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf
· Guide to protecting the confidentiality of personally identifiable information (PII) (SP 800-122)
http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
· NIST publications with category types: http://csrc.nist.gov/publications/