ONC guide offers 10 steps for MU

ONC's Office of the Chief Privacy Officer (OCPO) has published a "Guide to Privacy and Security of Health Information," which aims to help physicians, nurses and IT staff better understand how the safety of patient data is essential to meaningful use of electronic health records and mobile devices.

Earlier this spring Healthcare IT News reported the results of a study from HIMSS Analytics and Kroll that showed security breaches are still widespread in healthcare – despite increased attention paid to patient privacy.

The "HIMSS Analytics Report: Security of Patient Data" suggested that, despite increasingly stringent regulatory activity with regard to reporting and auditing procedures, most providers were prioritizing compliance with the rules over actually bolstering their own organizations' security protocols.

The result was that, despite significantly increased confidence on the part of officials such as HIM directors, compliance officers and CIOs – with many of them reporting they are "extremely prepared" – data breaches are still on the rise.

Twenty-seven percent of respondents reported a security breach in the past year – well up from 19 percent in 2010 and 13 percent in 2008. More than two-thirds (69 percent) of those experienced more than one breach in the past 12 months.

Health providers "have a lot coming at them," said Brian Lapidus, senior vice president, Kroll Advisory Solutions. "They've got meaningful use, they've got EHR implementations, they've got HIPAA requirements." Nonetheless, "there is a responsibility for these organizations to protect patient data."

So the new ONC guide, which seeks to offer a comprehensive, easy-to-understand resource to help providers incorporate robust privacy and security routines into their clinical workflow, comes at a crucial time.

Developed by OCPO in partnership with the American Health Information Management Association (AHIMA) Foundation, the 47-page guide offers detailed guidance on topics such as security risk analyses and management tips, and working with EHR and health IT vendors.

The guide also offers a 10-step plan for reinforcing privacy and security protections before attesting for meaningful use: