Health IT Privacy and Security Resources
The Office of the National Coordinator for Health Information Technology (ONC), U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and other HHS agencies have developed a number of resources. These tools, guidance documents, and educational materials are intended to help you better integrate HIPAA and other federal health information privacy and security into a health practice:
-
Guide to Privacy and Security of Electronic Health Information. ONC tool to help small health care practices in particular succeed in their privacy and security responsibilities. The Guide includes a sample seven-step approach for implementing a security management process.
-
Security Risk Assessment (SRA) Tool. HHS downloadable tool to help providers from small practices navigate the security risk analysis process.
-
Security Risk Analysis Guidance. OCR’s expectations for how providers can meet the risk analysis requirements of the HIPAA Security Rule.
-
HIPAA Security Toolkit Application. National Institute of Standards and Technology (NIST) toolkit to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment.
-
Certified Health IT Product List. ONC’s authoritative, comprehensive listing of complete Electronic Health Records (EHRs) and EHR modules that have been tested and certified under the ONC Health IT (HIT) Certification Program.
-
Sample Business Associate Contract Provisions. OCR sample Business Associate (BA) contract language to help Covered Entities (CEs) more easily comply with the HIPAA Privacy Rule.
-
TEMPLATE - Model Notices of Privacy Practices (NPPs). ONC and OCR’s customizable NPPs for use by providers and health plans.
-
Mobile Devices – Keeping Health Information Private and Secure. ONC’s web page dedicated to resources for helping providers protect and secure health information on mobile devices.
Link: https://www.healthit.gov/providers-professionals/ehr-privacy-security/resources