Advocacy Update

Feb. 23, 2024: National Advocacy Update


New federal resource on implementing the HIPAA Security Rule

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) have published a resource for physicians and their medical practices to help bridge Health Insurance Portability and Accountability Act (HIPAA) security requirements and good cybersecurity practices. This resource can not only improve compliance with the law, but also bolster your cybersecurity.

The publication provides an overview of the HIPAA Security Rule, strategies for assessing and managing risks to electronic protected health information (ePHI), suggestions for cybersecurity measures and solutions that physicians and medical practices might consider as part of an information security program, and resources for implementing and complying with regulations. Specific topic areas include: 

  • Explanations of the HIPAA Security Rule’s Risk Analysis and Risk Management requirements 
  • Key activities to consider when implementing Security Rule requirements 
  • Actionable steps for implementing security measures 
  • Sample questions to determine adequacy of cybersecurity measures to protect ePHI 

Please visit AMA Physician Cybersecurity for more information—the AMA has curated resources and developed tips for physicians and health care staff to protect patient health records and other data from cyberattacks.

HHS expands TEFCA with designation of two additional QHINs

HHS’ Office of the National Coordinator for Health Information Technology (ONC) announced the CommonWell Health Alliance and Kno2 as new Qualified Health Information Networks (QHINs) under the Trusted Exchange Framework and Common Agreement (TEFCA). In Dec. 2023, HHS recognized five QHINs to begin establishing data exchange through TEFCA: eHealth Exchange, Epic Nexus, Health Gorilla, KONZA and MedAllies. Taken together, seven QHINs are now operational and supporting the exchange of data under the Common Agreement's policies and technical requirements.  

Passed into law through the 21st Century Cures Act, TEFCA is a private-public effort to connect the nation’s health care providers, payers and patients and enable more seamless interoperability. TEFCA outlines a common set of principles, terms and conditions to support the nationwide exchange of electronic health information. Participation in TEFCA is voluntary, but it provides another means for health system participants to exchange patient data even without access to a state-based or electronic health record (EHR)-specific health information exchange. More information on TEFCA is available through the Sequoia Project, which serves as the Recognized Coordinating Entity in charge of overseeing the TEFCA Network.
