The javascript used on this site for creative design effects is not supported by your browser. Please note that this will not affect access to the content on this web site.
Skip Navigation
H H S Department of Health and Human Services
U.S. Department of Health and Human Services
Health Information Technology

A-Z Index  |  Questions? 

  • Print this
  • Email this
Ensure Privacy & Security

Ensure Privacy & Security

The use of health IT gives you new ways to secure information, but also adds new challenges to managing privacy and security. Knowing the laws and the steps required to protect information in electronic form is important for any safety net provider. This section clarifies the basic tenets of the laws for protecting privacy and security. It also offers guidance on how to address breaches.

What You Need to Know About Ensuring Privacy and Security

As more health care information is converted into electronic format, concerns about privacy and protecting patient information have greatly increased. Health care organizations need effective ways to reduce risks to EHR privacy and security. This section explains:

How to Ensure Privacy and Security

Safeguarding the privacy of protected information in your EHR fundamentally changes how your organization manages information. Fortunately, properly configured, certified EHRs can provide more protection to patient health information than paper records can. Federal law requires that your organization protect electronic information. To do so, safety net providers need to prepare documented policies and procedures, train staff, inform patients of their rights, and implement safeguards to prevent unauthorized disclosure. In addition, safety net providers using health IT must notify the Center for Medicare and Medicaid Services that they have met Meaningful Use standards for security risk analysis in order to qualify for incentive payments. This section guides you through key elements in the process of ensuring compliance.

Access resources on privacy and security, including a detailed 10-step action plan provided by the HHS Office of the National Coordinator for Health IT.