Health Information Management

Tip: Use OCR privacy and security guidance as a framework

HIM-HIPAA Insider, April 13, 2009

As part of its December 2008 Privacy and Security Toolkit, the OCR discussed how the privacy rule facilitates electronic health information exchange (HIE) in a networked environment.

The guidance, found in “The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information,” establishes privacy and security principles for stakeholders engaged in the electronic exchange of health information.

“It probably reassured some people that they really can do health information exchange in compliance with HIPAA,” says John R. Christiansen, JD, of Christiansen IT Law, in Seattle.

But while it is helpful, it is a framework alone, Christiansen adds, comparing it to an architectural blueprint that may state “a house should have indoor plumbing and electricity.”

“But if I’m going to actually build a house in compliance with these principles, I still need to know how to install the plumbing so the toilet doesn’t back up whenever it’s flushed, and how to wire the house so it doesn’t burn down when I turn on the lights,” he says. “These principles don’t tell us how to do that.”

Instead, organizations should use these principles to better understand how they can exchange information and care for patients more efficiently.

Editor’s note: This is an excerpt from an article in the April edition of the HCPro, Inc. newsletter Health Information Compliance Insider.
