American Health Information Management Association (AHIMA) and Healthcare Information and Management Systems Society (HIMSS). (2011). The privacy and security gaps in health information exchanges [White paper]. Retrieved from http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_049023.pdf.
This joint white paper aims to “address the issues surrounding privacy and security in Health Information Organization(s)… The intent (of this document) is not to produce a privacy and security ‘bible’ but to highlight the privacy and security issues in the various domains within the HIE environment that need to be considered when forming an HIO or implementing an HIE.”
“Best practices in privacy and security surrounding protected health information (PHI) are the cornerstones to the trust relationships necessary when exchanging health data across the continuum of care. (T)he healthcare industry continue(s) to be faced with new challenges to the age-old issue of privacy and security of personal health information. Industry leadership needs guidance in security practices based upon a clear understanding of the legal framework, information content and context, and technical solutions including technical standards, architectures, and frameworks necessary to achieve secure and effective interoperable HIE. Many of these issues and solutions are not unique to healthcare and much can be learned from other information-intensive industries such as banking, payment cards, insurance, and finance.”
“This white paper has broken down privacy and security into several subparts discussed below. It is important to understand that all of the components discussed below, when taken together, provide the single most effective way to protect personal health information. An organization with robust privacy and security policies and practices will be at significantly less risk for inappropriate disclosures than one that is not.”