Education > Education Resources > Privacy & Security
Privacy and Security Education
ONC Privacy and Security Resources and Video - Health Information Privacy, Security, and Your EHR
ONC Guide to Privacy and Security of Health Information (.pdf)
As more healthcare information becomes available in electronic format in a multitude of locations, propagated by one system to another and existing in secondary and tertiary health data banks, the concerns about privacy and the ability to protect this information on a need-to-know basis are becoming more evident.
Developed by the ACP Center for Practice Improvement and Innovation, the following documents have been developed to assist practices with an understanding of HIPAA requirements:
On April 27, 2009, the Department of Health and Human Services (HHS) published the following guidance document regarding breach notification requirements:
The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program to detect the warning signs — or “red flags” — of identity theft in their day-to-day operations. On December 18, 2010, the President signed into law the "Red Flag Program Clarification Act of 2010," which clarifies the type of "creditor" that must comply with the Red Flags Rule. ACP believes that most members are now exempt from the FTC's Red Flag Rules. For more information see this summary from the AMA.
The ACP Center for Practice Improvement and Innovation (CPII) has put together some information and guidance to help implement a program to comply with the FTC's Red Flag Rules: