Privacy and Security

Many national groups and initiatives address privacy and health information technology (HIT). Below are links to some of their resources.

APA HIPAA Privacy Rule Manuals
These manuals are written specifically to assist psychiatric practices with compliance under the HIPAA rules and include useful cross references to other APA privacy resources and guidelines.

Guide to Privacy and Security of Health Information (ONC) 
This handbook published by the Office of the National Coordinator for Health IT (ONC) includes several resources including a 10-step plan to help physician practices integrate privacy and security into their EHRs and daily operations.

HIPAA Privacy & Security Toolkit (AMA)
September 2013 resource by the American Medical Association on revisions to the HIPAA privacy and security rules.

Privacy & Security Training Game (ONC)
The security training module uses a game format that requires users to respond to privacy and security challenges often faced in a typical small medical practice. Users choosing the right response earn points and see their virtual medical practices flourish. But users making the wrong security decisions can hurt their virtual practices.

Your Mobile Device and Health Information Privacy and Security (ONC)
Physicians, health care providers and other health care professionals are using smartphones, laptops and tablets in their work. The U.S. Department of Health and Human Services has gathered these tips and information to help you protect and secure health information patients entrust to you when using mobile devices. 

Standards for Health Information Technology to Ensure Adolescent Privacy (AAP)
American Academy of Pediatrics policy statement that reviews the challenges to privacy for adolescents posed by commercial health information technology systems and recommends basic principles for ideal electronic health record systems.

Government Accountability Office (GAO): “Health Information Technology: Early Efforts Initiated but Comprehensive Privacy Approach Needed for National Strategy” (January 2007) 
This report summarizes some of the national efforts on privacy and highlights the need for a coordinated approach.

Health and Human Services HealthIT Privacy & Security Page
Outlines state and federal activities and provides additional resources on privacy and security.

Health and Human Services Guidance Materials for Consumers: Health Information Privacy
Information and handouts for patients on HIPAA and health information privacy.

National Committee on Vital and Health Statistics (NCVHS)
Advises the Secretary of Health and Human Services on privacy issues. Recent reports include “Enhanced Protections for Uses of Health Data: A Stewardship Framework for ‘Secondary Uses’ of Electronically Collected and Transmitted Health Data” (12/19/2007) and “Recommendations regarding Privacy and Confidentiality in the Nationwide Health Information Network” (6/22/2006).

Patient Privacy Rights
Private group dedicated to ensuring Americans control all access to their health records.

HIPAA Security Rule: Frequently asked questions regarding encryption of personal health information (AMA)
FAQ from the American Medical Association on recent changes to the HIPAA Security Rule as it pertains to encryption.

A Delicate Balance: Behavioral Health, Patient Privacy and the Need to Know (CHCF)
Policy paper with legal analysis of federal and state laws pertaining to privacy of mental health information, as well as three illustrative scenarios.

Achieving the Right Balance: Privacy and Security Policies to Support Electronic Health Information Exchange (CHCF)
This issue brief discusses the importance of building a statewide (and nationwide) system of electronic HIE and the role that sound privacy and security policies should play in building and sustaining the public's trust; offers patient- and consumer-based policy solutions to privacy and security concerns that balance individual and societal needs; and identifies gaps between current law and the attainment of a secure digital health ecosystem.

Supporting Integration of Behavioral Health Care through Health Information Exchange 
This report by the Colorado Regional Health Information Organization (CORHIO) contains discussion and recommendations pertaining to integrating behavioral and physical health information through health information exchange (HIE), emphasizing “the key underpinnings of patient protection, safeguarding patient privacy, ensuring confidentiality, and encouraging trust between and amongst providers and consumers.”

Health Information Breaches Affecting 500 or More Individuals (HHS)
A list of breaches of unsecured protected health information affecting 500 or more individuals, posted by HHS as required by law.

Health Information Privacy: Guidance on Risk Analysis (HHS)
This series of guidance documents will assist organizations in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information.

theDataMap
Online portal for demonstrating flows of personal data. Includes a graphic illustrating the various entities that may have access to electronic health information.



Privacy and Security Toolkit (HIMSS – Health Information Management and Systems Society) 
Collection of material pertaining to HIT privacy and security compiled by HIMSS, an HIT trade association.