Fact Sheet outlining a three-step process to make sure you’re in compliance with HIPAA and if not, the steps that can be taken to make sure you are. This fact sheet also includes questions to ask potential business associates and things to keep in mind in case there is a breach.

This is a recent presentation by the Substance Abuse and Mental Health Services Administration's Health IT effort that provides an overview of their Consent2Share project. Consent2Share is a tool for consent management and data segmentation that is designed to integrate within existing electronic health record (EHR) and Health Information Exchange (HIE) systems.

This overview is provided to health center leadership and staff to help them better understand new practices and technologies in the field that can assist in compliance with HIPAA 42 CFR Part 2 regulations when trying to participate in health information exchange activities.

This guide provides examples and overviews of patient portal considerations for minors as it relates to Meaningful Use, HIPAA. state consent laws and associated policies. The articles and presentations included for download and linked to from related websites include use cases and examples from multiple states and national level guidelines.

This article from Optum provides a breakdown on Bring Your Own Device (BYOD) policy considerations based on the mix of devices your organization is trying to support, the size of your healthcare organization and implementation factors that may have an impact on success.

The HHS Office for Civil Rights has started its next phase of audits of covered entities and their business associates. The 2016 Phase 2 HIPAA Audit Program will review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. 

The Office for Civil Rights (OCR) has recently announced the release of a new set of FAQs that seeks to address whether business associates of a HIPAA covered entity may block or terminate access by the covered entity to the protected health information maintained by the business associate for or on behalf of the covered entity.

Conducting or reviewing a security risk analysis to meet the standards of Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule is included in the meaningful use requirements of the Medicare and Medicaid EHR Incentive Programs.

In this session participants will learn about the data privacy laws as they relate to digital health. Attendees will have a better understanding about HIPAA, data privacy laws, telehealth regulations and more.

Join us for a moderated panel discussion with developers and implementers about the future FHIR ecosystem. Panelists will provide their perspectives on the impact of FHIR adoption and implementation on healthcare, addressing questions such as: what use cases will see greatest adoption (and what will happen to CCDA)? What challenges will we have to solve as more granular data is searchable over FHIR APIs? How will FHIR impact user experience of accessing health information?

The Weitzman Institute and the Moses/Weitzman Health System are pleased to present the latest installment of our series of informative discussions with an exclusive panel of global experts driving the development of Artificial Intelligence (AI). April Joy Damian, PhD, MSc, CHPM, PMP, Vice President and Director of the Weitzman Institute will moderate this latest discussion, "AI Fundamentals and Applications in Primary Care," on Wednesday, October 26 at 1 pm Eastern| 10 am Pacific.  

This webinar will bring together industry AI leaders with an evidence-based applied perspective on using AI in primary care to:

• Understand AI history, definitions, methodology, benefits, and healthcare use cases
• Explore the most common and validated use cases in primary care
• Examine implications of AI in promoting health equity and improving healthcare access and outcomes

Patient use of their health information accessible to them through online tools (e.g., patient portals and smartphone apps) can help empower them to make informed decisions about their health and track progress on health-related goals, potentially resulting in improved patient outcomes (1). Enabling patients to access and use the information contained in online medical records and patient portals may also provide significant health system benefits, including decreased healthcare costs and strengthened patient- physician relationships (1). In 2020, ONC published the Cures Act Final Rule to increase patient and provider access to health-related data, specifically through health IT developer adoption of secure standardized application programming interfaces (APIs) that make this information more widely available across smartphone apps (2). The API requirements, which as of 2023 have been rolled out to health care providers, enable patients to electronically access their electronic health information using apps. This brief analyzes recent data from the 2022 Health Information National Trends Survey (HINTS), a nationally representative survey of U.S. adults, to assess progress in patient access amidst implementation of Cures Rule provisions during the COVID-19 pandemic, which likely increased demand for access to online medical records. This brief also reports on methods and frequency of individuals’ access and use of online medical records and patient portals.

CoE-PHI resource that describes the Information Blocking Rule and explains that it does not preempt stricter privacy laws and regulations such as 42 CFR Part 2.

Key Points:

• Information blocking includes practices that would “interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information.”
• Following a legal requirement to obtain patient consent for a disclosure meets the “privacy exception” in the Information Blocking Rule and is not considered information blocking.
• If a portal cannot segment Part 2-protected records or prevent a patient’s proxy from unconsented access to such records, the healthcare provider should not share Part 2-protected records on the portal.

Recent Department of Health and Human Services (HHS) policy is bringing patients unprecedented access to their health information. Join the Office of the National Coordinator for Health Information Technology (ONC) and Centers for Medicare and Medicaid Services (CMS) in September for an event focused on patient access to health data. The day will bring together patients, providers, payers, and health IT developers to discuss how HHS policies are working in practice and how to maximize the impact of these policies. The event will also highlight educational tools and resources, such as patient-facing apps that enable the availability of patient information and make that health information easier to understand.

Come to the ONC and CMS patient access event to hear more about…

Patients’ experiences accessing their data, including the benefits and challenges they faced along this journey. How the next generation of apps are connecting across new health information sources to bring together patients’ data and preferred tools to act on that data. Clinicians who are at the forefront of helping patients access and understand their data, recognizing patient preferences and privacy concerns. Innovative developers demonstrating how they are making patients’ data actionable, and the implementation challenges they face as they connect sources across the care continuum Health care payers’ their successes and challenges with making data available to patients. Don't miss this opportunity to learn about the latest developments in patient data access and how you can be a part of the path forward.

Registration details to follow soon! Until then, you can find valuable information and resources about the patient’s right to their data on our website. If you would be interested in sharing a patient experience with accessing and using patient data, please share with us at https://www.healthit.gov/feedback.
 

In an increasingly connected healthcare landscape, health centers face a dual challenge: the rising tide of cyber threats and the need to comply with stringent data protection regulations, all while managing limited resources. The ever-evolving nature of cyberattacks and the complexity of compliance requirements make it essential for health centers to prioritize cybersecurity tasks effectively.
Many Health Center leaders, IT Managers, and Compliance Directors are trying to ensure that they are properly addressing the ongoing tasks related to compliance and security. This guide provides the baseline of day-to-day tasks that health center IT and Compliance staff should consider to protect their systems and comply with regulatory requirements.

There are many questions about patient portals and the related requirements under the Information Blocking Rule. In this session, our expert speaker will review the impact of the Information Blocking Rule on implementation and use of the patient portal.

Over the last few years, the Office of Civil Rights has focused much of its enforcement efforts on ensuring patients are afforded their HIPAA right to access their protected health information (PHI). The Privacy Rule generally requires HIPAA covered entities to provide individuals, upon request, with access to the PHI (including electronic PHI) about them in one or more “designated record sets” maintained by or for the covered entity. This includes the right to inspect or obtain a copy, or both, of the PHI. It also includes an individual’s right to direct the covered entity to transmit a copy of their PHI to a designated person or entity of the individual’s choice.

This two session roundtable series brought together CIOs, CISOs, and other IT leadership from health centers to discuss strategic investments in cybersecurity, including those that can leverage recent ARP funding but sustain beyond the coming years. Participants had the opportunity to connect with each other and subject matter experts about implementation, considerations, and the future of cybersecurity and data protection in health centers.

This two session roundtable series brought together CIOs, CISOs, and other IT leadership from health centers to discuss strategic investments in cybersecurity, including those that can leverage recent ARP funding but sustain beyond the coming years. Participants had the opportunity to connect with each other and subject matter experts about implementation, considerations, and the future of cybersecurity and data protection in health centers.

HHS Office of Civil Rights (OCR), the entity responsible for enforcing regulations under HIPAA, stated, effective immediately, it will exercise enforcement discretion and will not impose penalties for HIPAA violations against covered healthcare providers if patients are served on a good faith basis during the COVID-19 nationwide public health emergency. Find out what this means in implementation by accessing this issue brief.

The U.S. Department of Health & Human Services (HHS), Office for Civil Rights (OCR) has developed a Cyber Security Checklist and a corresponding Cyber Security Infographic that explains the steps for a HIPAA covered entity or its business associate (the entity) to take in response to a cyber-related security incident.