Health information technology (health IT) involves the processing, storage, and exchange of health information in an electronic environment. Widespread use of health IT within the health care industry will improve the quality of health care, prevent medical errors, reduce health care costs, increase administrative efficiencies,
decrease paperwork, and expand access to affordable health care. It is imperative that the privacy and security of electronic health information be ensured as this information is maintained and transmitted electronically. With the proliferation and widespread adoption of cloud computing solutions, HIPAA covered entities and business associates are questioning whether and how they can take advantage of cloud computing while complying with regulations protecting the
privacy and security of electronic protected health information (ePHI). HHS has developed guidance to assist such entities, including cloud services providers (CSPs), in understanding their HIPAA obligations. The materials below are the HIPAA privacy components of the
Privacy and Security Toolkit developed in conjunction with the Office of the National Coordinator. The Privacy and Security Toolkit implements the principles in The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information (Privacy and Security Framework). These guidance documents discuss how the Privacy Rule can facilitate the electronic exchange of health information. Learn more about the Privacy and Security Framework and view other documents in the Privacy and Security Toolkit, as well as other health information technology
resources.Cloud Computing
HIPAA Privacy Components of the Privacy and Security Toolkit
Content created by Office for Civil Rights (OCR)
Content last reviewed August 31, 2020
Learn what a health information system is, benefits, best practices, and more in Data Protection 101, our series on the fundamentals of information security.
A health information system (HIS) refers to a system designed to manage healthcare data. This includes systems that collect, store, manage and transmit a patient’s electronic medical record (EMR), a hospital’s operational management or a system supporting healthcare policy decisions.
Health information systems also include those systems that handle data related to the activities of providers and health organizations. As an integrated effort, these may be leveraged to improve patient outcomes, inform research, and influence policy-making and decision-making. Because health information systems commonly access, process, or maintain large volumes of sensitive data, security is a primary concern.
Health information technology (HIT) involves the development of health information systems.
Examples of Health Information Systems
Health information systems can be used by everyone in healthcare from patients to clinicians to public health officials. They collect data and compile it in a way that can be used to make healthcare decisions.
Examples of health information systems include:
Electronic Medical Record (EMR) and Electronic Health Record (EHR)
These two terms are almost used interchangeably. The electronic medical record replaces the paper version of a patient’s medical history. The electronic health record includes more health data, test results, and treatments. It also is designed to share data with other electronic health records so other healthcare providers can access a patient’s healthcare data.
Practice Management Software
Practice management software helps healthcare providers manage daily operations such as scheduling and billing. Healthcare providers, from small practices to hospitals, use practice management systems to automate many of the administrative tasks.
Master Patient Index (MPI)
A master patient index connects separate patient records across databases. The index has a record for each patient that is registered at a healthcare organization and indexes all other records for that patient. MPIs are used to reduce duplicate patient records and inaccurate patient information that can lead to claim denials.
Patient Portals
Patient portals allow patients to access their personal health data such as appointment information, medications and lab results over an internet connection. Some patient portals allow active communication with their physicians, prescription refill requests, and the ability to schedule appointments.
Remote Patient Monitoring (RPM)
Also known as telehealth, remote patient monitoring allows medical sensors to send patient data to healthcare professionals. It frequently monitors blood glucose levels and blood pressure for patients with chronic conditions. The data is used to detect medical events that require intervention and can possibly become part of a larger population health study.
Clinical Decision Support (CDS)
Clinical decision support systems analyze data from various clinical and administrative systems to help healthcare providers make clinical decisions. The data can help prepare diagnoses or predict medical events — such as drug interactions. These tools filter data and information to help clinicians care for individual patients.
Tags: Data Protection 101 , Healthcare