The javascript used on this site for creative design effects is not supported by your browser. Please note that this will not affect access to the content on this web site.
Skip Navigation
H H S Department of Health and Human Services
U.S. Department of Health and Human Services
Health Information Technology and Quality
Improvement

A-Z Index  |  Questions?  |  Order Publications  |  HRSA Mobile

Privacy and Security Issues

The privacy and security of health information is an important concern for all those delivering healthcare and is especially crucial for those who care for HIV/AIDS patients. You should be aware that any inappropriate disclosure of their condition may have serious consequences for your patients.  AIDS-related stigma and discrimination persist and people with HIV/AIDS continue to be discriminated against in health care, housing, and the workplace.  Fear of stigma and discrimination also affects their decision to obtain care, as it may discourage them from seeking HIV testing and treatment.  Thus, it is crucial that you adhere to the privacy and security rules that protect your patients’ rights.  

All healthcare providers are required to comply with Federal and State laws that protect patients’ health information.  The first and most extensive Federal legislation on health privacy and security is the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  This legislation defines what health information must be protected and stipulates what must be done to protect patients’ privacy and security.  While HIPAA does not specifically address HIV/AIDS, its regulations have been important for protecting HIV/AIDS patients from discrimination related to their condition.  

Recent growth in the use of health IT presents new benefits and potential risks for the privacy and security of patients’ health information.  Since the enactment of HIPAA in 1996, the use of electronic health information technology (IT) has grown.  Vendors’ health IT systems have become increasingly sophisticated and providers have become more accepting of their use.  In addition, the Federal government funded programs to encourage providers to purchase, adopt, implement, and demonstrate meaningful use of electronic health record (EHR) systems and will eventually penalize Medicare providers do not meaningfully use EHR technologies.  

While health IT offers you and your patients the opportunity for better quality and more efficient care, widespread use of health IT also presents challenges to privacy and security.  To address these challenges, the Federal government’s Health Information Technology for Economic and Clinical Health Act (HITECH) of the American Recovery and Reinvestment Act of 2009 (ARRA) strengthened some HIPAA requirements for privacy and security.  An interim rule expands individuals’ rights to access their health information and restricts certain types of disclosures of protected health information to health plans; requires business associates of HIPAA-covered entities to be under most of the same rules as the covered entities; sets new limitations on the use and disclosure of protected health information for marketing and fundraising; and prohibits the sale of protected health information without patient authorization.  These and other changes to HIPAA’s rules were proposed on July 14, 2010 and are already in effect.  All covered providers must comply with these Federal rules and all other applicable state and local regulations.  

This ‘Privacy and Security Issues’ module of the HIV/AIDS Health Information Technology Adoption Toolbox offers an introduction and summary to privacy and security requirements for HIV/AIDS providers and addresses issues specific to HIV/AIDS providers and HRSA/HAB grantees.  This module is a supplement to two other HRSA Toolkit modules: the HRSA HIT Adoption Toolbox, Privacy and Security module and the HRSA Meaningful Use, Privacy and Security module.  

What Are the Specific Privacy and Security Needs of HIV/AIDS Patients?

Who is Required to Comply with HIPAA Requirements?

How Can I Maintain Patient Privacy in a Health Information Technology System?

How Do I Ensure Security in Our System?

How Do I Comply with Meaningful Use Requirements?

Developed by the Health Resources and Services Administration as a resource for health centers and other safety net and ambulatory care providers who are seeking to implement health IT.
About
Health Information Technology Toolboxes help health centers, safety net providers, and ambulatory care providers with electronic and online resources and technical assistance to improve patient care.  More>
Stay Informed