Health care is in the midst of transition toward an interoperable electronic healthcare network at the community, state, and national level. Along with the potential to enhance health care quality, and efficiency, and patient safety come new challenges. With the development and implementation of a Nation-wide Health Information Network (NW-HIN) there is a new focus on confidentiality, privacy, and security. The success of the envisioned interoperable electronic healthcare network depends upon public confidence and trust. Driving the focused on winning public confidence and trust; HITECH provisions have introduced revisions to HIPAA that along with new State regulations bring fresh compliance requirements to the confidentiality, privacy, and security realm.

As health care consumers our primary expectation is that individually identifiable health information will be protected from misuse and inappropriate disclosure. Health care consumers hold onto the basic tenet of individual control over our personal health information. With the introduction of health information exchange networks consumer confidentiality, privacy, and security concerns have intensified. Consumers faced with the creation of vast health information exchange networks want assurances that they will remain in control of their health information. Health care consumers seek first choice over their participation in a health information exchange. Of primary importance to the patient is the option to decide who has access to their health information and how it is used.

In addition to self determination over the access and control of their personal health information, consumers seek transparency regarding healthcare organization policies and practices regarding the accessibility of health information by stakeholders of institutions regarding matters that affect their interests.

HIM professionals must approach the management of confidentiality, privacy, and security challenges from two perspectives; standards and policies. Although confidentiality, privacy, and security standards and policies may appear to address the issues from very different perspectives, unless standards and policies are harmonized confidentiality, privacy, and security controls and compliance will never be achieved. To ensure the successful implementation of interoperable healthcare networks policies and standards must be harmonized. Toward that goal AHIMA actively participates in numerous standards and policy harmonization efforts.

For insight on the impact of ARRA/HITECH on confidentiality, privacy, and security visit the ARRA-HITECH Privacy and Security page of www.ahima.org.

Industry and Standards Activities

• Health Information Technology Standards Panel (HITSP) - Security, Privacy, & Infrastructure Technical Committee (SPI-TC)
• The Health Information Security and Privacy Collaborative (HISPC)
• AHRQ
• RTI International
  
• CCHIT - Certification Commission for Healthcare Information Technology,  utilizing privacy and security standards in developing certification criteria
• AHRQ - Agency for Healthcare Research and Quality, Health Information Technology Program
• NCVHS -National Committee on Vital and Health Statistics

Resources & Links

• HITSP - Health Information Technology Standards Panel
• HISPC - Health Information Security and Privacy Collaboration
• NIST - National Institute of Standards and Technology
• NGA - National Governors Association's State Alliance for e-Health
• OCR - Office for Civil Rights - HIPAA
• Centers for Disease Control and Prevention (CDC)
• BioSense
• Public Health Information Network (PHIN)
• HRSA - Health Resources and Services Administration
• SAMHSA - Substance Abuse and Mental Health Services Administration
• IHS - Indian Health Services
• U.S. Department of Defense (DoD)
• U.S. Department of Veterans Affairs (VA)

AHIMA Tools & Resources

• Practice Guidance from the AHIMA Compendium
• Access all AHIMA Resources on Privacy, Security, & Confidentiality