The Office of the National Coordinator for Health IT's Office of the Chief Privacy Officer has released a new guide designed to help health care providers protect the privacy and security of patient data, Health Data Management reports (Goedert, Health Data Management, 5/8).
The 47-page guide was developed in conjunction with the American Health Information Management Association.
The guide includes a 10-step plan to help health care providers bolster their privacy and security protections before attesting to the meaningful use of electronic health record systems. Under the 2009 federal economic stimulus package, health care providers who demonstrate meaningful use of certified EHR systems can qualify for Medicaid and Medicare incentive payments.
The 10-step plan recommends that health care providers:
- Confirm that their organization is a covered entity as defined by HHS;
- Provide leadership to employees on protecting patient information;
- Document their processes, findings and actions related to securing patient data;
- Conduct security risk analyses;
- Develop an action plan to mitigate potential security risks;
- Implement policies and procedures to carry out their action plan;
- Prevent data breaches by providing staff education and training;
- Communicate with patients about EHR confidentiality and security;
- Update business associate agreements; and
- Attest for the security risk analysis meaningful use objective.
The guide states that "ensuring privacy and security of health information, including information in electronic health records, is a key component to building the trust required to realize the potential benefits of electronic health information exchange." If patients doubt the security of their health data, "it may affect their willingness to disclose necessary health information and could have life-threatening consequences," the guide adds (Miliard, Healthcare IT News, 5/9).