Privacy and Security Education


Privacy and Security

Ensuring the privacy and security of health information, including information in electronic health records (EHR), is a foundational component in the effective use of electronic health information. 

ONC Privacy and Security Resources and Video - Health Information Privacy, Security, and Your EHR

ONC Guide to Privacy and Security of Health Information (.pdf)

Featured Podcast:

As more healthcare information becomes available in electronic format in a multitude of locations, propagated by one system to another and existing in secondary and tertiary health data banks, the concerns about privacy and the ability to protect this information on a need-to-know basis are becoming more evident.

The ACP Center for Practice Improvement and Innovation developed the following documents to help practices understand HIPAA requirements:

The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program to detect the warning signs — or “red flags” — of identity theft in their day-to-day operations. On December 18, 2010, the President signed into law the "Red Flag Program Clarification Act of 2010," which clarifies the type of "creditor" that must comply with the Red Flags Rule. ACP believes that most members are now exempt from the FTC's Red Flags Rule. For more information, see this summary from the AMA.

The ACP Center for Practice Improvement and Innovation (CPII) has put together information and guidance to help implement a program that complies with the FTC's Red Flags Rule: