The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces federal civil rights laws, conscience and religious freedom laws, the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule, which together protect your fundamental rights of nondiscrimination, conscience, religious freedom, and health information privacy.
What is the difference between “consent” and “authorization” under the HIPAA Privacy Rule?
Answer: The Privacy Rule permits, but does not require, a covered entity voluntarily to obtain patient consent for uses and disclosures of protected health information for treatment, payment, and health care operations.
HIT Guide to Privacy and Security of Electronic Health Information
Everyone has a role to play in the privacy and security of electronic health information — it is truly a shared responsibility. The Office of the National Coordinator for Health Information Technology (ONC) provides resources...
ONC Guide for “Reassessing Your Security Practices in a Health IT Environment: A Guide for Small Health Care Practices”
This guide is intended to assist small health care practices in reassessing their existing health information security policies as they consider adopting and implementing emerging health information technology (health IT) capabilities such as electronic health records and electronic health information exchange.
Individuals’ Right under HIPAA to Access their Health Information
Providing individuals with easy access to their health information empowers them to be more in control of decisions regarding their health and well-being. For example, individuals with access to their health information are better able to monitor chronic conditions, adhere to treatment plans, find and fix errors in their health records, track progress...