Breaking Compliance News Blog

ONC releases revised Guide to Privacy and Security of Electronic Health Information

Posted by Margaret Scavotto, JD, CHC on 5/5/15 7:00 AM

In April, the Department of Health and Human Services Office of the National Coordinator for Health Information Technology (ONC) issued a revised Guide to Privacy and Security of Electronic Health Information (the “Guide”). The revised Guide includes many practical tips for navigating HIPAA compliance.

For example:

Examples of companies that are/are not business associates: “You hire a web designer to maintain your practice’s website and improve its online access for patients seeking to view/download or transmit their health information. The designer must have regular access to patient records to ensure the site is working correctly. The web designer is a BA.” Guide, p. 12.

Examples of permissible disclosures: “…if a patient begins discussing health information while family or friends are present in the examining room, this is a ‘circumstance that clearly gave the individual the opportunity to agree, acquiesce, or object.’ You do not need a written authorization to continue the discussion.” Guide, p. 16.

Examples of “Low-Cost, Highly Effective Safeguards,” such as: “Say ‘no’ to staff requests to take home laptops containing unencrypted ePHI.” Guide, p. 44.

The Guide also includes a Sample Seven-Step Approach for Implementing a Security Management Process (p. 25), and tips for how to incorporate HIPAA Security into EHR selection and implementation.

With the Office for Civil Rights (OCR) expected to launch a new round of HIPAA audits any day, now is the time to take advantage of these practical tips and get our HIPAA house in order.
