The Office of the National Coordinator for Health Information (ONC) recently released an updated Guide to Privacy and Security of Electronic Health Information.  The guide aims to help individuals, providers, and the health IT community understand the role of HIPAA for interoperability of health information.

This guide updates the previous version issued by the ONC in 2011.  Most notably, the guide incorporates updated standards in accordance with the new final rules, issued in 2013, under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.  For example, the guide now has revised instructions regarding electronic health record (EHR) vendors, who are now considered Business Associates under the HITECH rules.

Furthermore, ONC has updated the guide to take account of new requirements governing Medicare and Medicaid EHR Incentive Programs, known as Meaningful Use.  The guide notes that, at each stage of the Meaningful Use program, providers must meet certain core privacy and security requirements.

The new guide also has more robust information about security, including a sample approach for implementing a security management process, and explains how HIPAA security requirements may be incorporated by EHR developers.

The guide can be downloaded from the ONC website here.  In addition, the sample security plan is available as its own document at this link.