Privacy & Security
Protecting the privacy of individually identifiable health information is a priority for AHIMA and HIM professionals. AHIMA supports moving forward with HIT and EHRs to improve healthcare quality, safety and efficiency. We also recognize the critical need to balance the privacy and security of patient information to reach the overall goals of ARRA and HITECH.
Privacy and Security Framework
The Office of the National Coordinator has established resources on including a Health IT Privacy and Security Toolkit with model privacy notices, reference to regulations, assessment of security practices. ONC has also developed a policy framework for addressing privacy and security with health information exchange.
Accounting of Disclosures
ARRA-HITECH requires entites using electronic health records to maintain an accounting of disclosures for treatment, payment and healthcare operations. In February 2010, the Interim Final Rule for Standards and Certification described the standards used for an accounting. AHIMA submitted the following comments to ONC specifically on accounting of disclsoures. The Office of Civil Rights released the proposed rule on May 27, 2011.
HITECH Breach Notification
Breach Notification Final Rule Update
On September 23, 2009 the Interim Final Rule on Breach Notification for Unsecured Protected Health Information became effective. This rule applies to all HIPAA-covered entities and HIPAA-related Business Associates (BAs).
Covered entities are required to begin reporting breaches to the Office of Civil Rights (OCR). OCR provides tools and guidance:
AHIMA Tools & Resources
Other Links & Resources