1. HealthIT.gov>
  2. For Providers & Professionals>
  3. Privacy and Security

Privacy and Security

Health Information Privacy, Security, and Your EHR

Ensuring privacy and security of health information, including information in electronic health records (EHR), is a key component to building the trust required to realize the potential benefits of electronic health information exchange. If individuals and other participants in a network lack trust in electronic exchange of information due to perceived or actual risks to electronic health information or the accuracy and completeness of such information, it may affect their willingness to disclose necessary health information and could have life-threatening consequences.

Cybersecurity Game shield icon

Cybersecure:

Your Medical Practice

Play the Game

Integrating Privacy & Security Into Your Medical Practice

The HIPAA Privacy and Security Rules protect the privacy and security of individually identifiable health information. HIPAA Rules have detailed requirements regarding both privacy and security.

  • The HIPAA Privacy Rule covers protected health information (PHI) in any medium, while the
  • The HIPAA Security Rule covers electronic protected health information (ePHI).

In addition to HIPAA, you must comply with all other applicable federal, state, and local laws.


Read More

Privacy & Security 10 Step Plan

Ensuring privacy and security of health information in an EHR is a vital part of Meaningful Use.  Security risk analysis and management are foundational to this effort. The process can be challenging, but is achievable through a step-wise approach.  

This 10-step privacy and security plan is not intended as a statement of meeting HIPAA or Meaningful Use requirements. It’s just one suggested organized approach recommended to address various federal privacy and security requirements.


Read More

Privacy & Security and Meaningful Use

HIPAA privacy and security requirements are embedded in the Medicare and Medicaid EHR Incentive Programs through the following meaningful use requirements.  To fulfill requirements of Stage 1 of Meaningful Use, eligible providers need to “attest” that they have met certain measures or requirements regarding the use of the EHR for patient care. 

Learn more about privacy, security, and meaningful use in Chapter Two of the downloadable Privacy and Security Guide.


Download Chapter 2 [PDF - 1.5 MB]

Privacy & Security Resources

Get started today! HHS Office of the National Coordinator for Health IT (ONC), Office for Civil Rights (OCR), and other HHS agencies have developed and issued a number of guidance, tools, and educational materials designed to help you better integrate privacy and security into your practice’s use of EHRs. A brief description of each resource is provided, along with a direct link.

Read More

Get Answers to your Privacy & Security Questions

What federal rules do I need to follow to keep my patient records private and secure?
Do I need to obtain consent from my patients to implement a patient portal?
Where can I find more information about complying with the Health Insurance Portability and Accountability Act (HIPAA) while implementing an EHR system?
No one in my office has a background in privacy and security and many of my employees consider the requirements to be difficult to meet and an obstacle to treating patients. How can I change the culture of my practice to one that appreciates and protects

See All Privacy & Security FAQs