Feb. 23, 2024: National Advocacy Update


The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) have published a resource for physicians and their medical practices to help bridge Health Insurance Portability and Accountability Act (HIPAA) security requirements and good cybersecurity practices. This resource can not only improve compliance with the law, but also bolster your cybersecurity.


The publication provides an overview of the HIPAA Security Rule, strategies for assessing and managing risks to electronic protected health information (ePHI), suggestions for cybersecurity measures and solutions that physicians and medical practices might consider as part of an information security program, and resources for implementing and complying with regulations. Specific topic areas include: 

  • Explanations of the HIPAA Security Rule’s Risk Analysis and Risk Management requirements 
  • Key activities to consider when implementing Security Rule requirements 
  • Actionable steps for implementing security measures 
  • Sample questions to determine adequacy of cybersecurity measures to protect ePHI 

Please visit AMA Physician Cybersecurity for more information—the AMA has curated resources and developed tips for physicians and health care staff to protect patient health records and other data from cyberattacks.

HHS’ Office of the National Coordinator for Health Information Technology (ONC) announced the CommonWell Health Alliance and Kno2 as new Qualified Health Information Networks (QHINs) under the Trusted Exchange Framework and Common Agreement (TEFCA). In Dec. 2023, HHS recognized five QHINs to begin establishing data exchange through TEFCA: eHealth Exchange, Epic Nexus, Health Gorilla, KONZA and MedAllies. Taken together, seven QHINs are now operational and supporting the exchange of data under the Common Agreement's policies and technical requirements.  

Passed into law through the 21st Century Cures Act (PDF), TEFCA is a private-public effort to connect the nation’s health care providers, payers and patients and enable more seamless interoperability. TEFCA outlines a common set of principles, terms and conditions to support the nationwide exchange of electronic health information. Participation in TEFCA is voluntary, but it provides another means for health system participants to exchange patient data even without access to a state-based or electronic health record (EHR)-specific health information exchange. More information on TEFCA is available through the Sequoia Project, which serves as the Recognized Coordinating Entity in charge of overseeing the TEFCA Network. 
