Data Security Report Submitted to Congress by OCR

by | Oct 27, 2014

On October 2, The Office of the National Coordinator for Health Information Technology (ONC) released a report to congress providing guidance and recommendations on how new technology can be used in healthcare and how the safe exchange of health information can provide patient with many advantages.

The report, titled Update on the Adoption of Health Information Technology and Related Efforts to Facilitate the Electronic Use and Exchange of Health Information, provided information on the obstacles faced in the exchange of health information together with proposals on how the federal government can take steps to remove some of those hurdles. ONC listed ‘Privacy and Security Protections for Health Information’ as one of its main building blocks to ensure smooth integration of IT in healthcare  ein order to ensure patient data privacy rights is secure.

Congress was given with a timely reminder of the Health and Human Services department’s (HHS) role and that it should advise on issues pertaining to data privacy and security, as well as help with the development of data management policies. The HHS should be reviewing new technologies which can be used to exchange health information and conduct risk assessments and analyses to find possible weaknesses and suggest strategies for minimizing those dangers.

It should produce and distribute the materials necessary to facilitate the education of stakeholders on the importance of a coordinated group effort to sustain the privacy of patient health data. It has been recommended that it offer multimedia tools and technical guidance to make it easier for stakeholders to carry out data security risk assessments.

The HHS must also coordinate its work with other government departments on a state, regional and national level and take a global view on the privacy of health information and cybersecurity issues. The report also used figures on data security, privacy and breaches gathered by the Office for Civil Rights from 33,000 HIPAA complaints that it resolved.

OCR took the chance to highlight the efforts it has made in relation to data security and privacy. It has put together government sanctioned forms that are available to download and use as templates for privacy practices. Organizations can use the forms and distribute them under HIPAA privacy rules to make patients aware of their PHI privacy rights and the privacy practices employed by the organization in question.

It also referred to its cyber security risk assessment tool for identifying potential weaknesses. The risk assessment tool can be used to find areas requiring improved security measures to enable action to be taken to comply with requirements of the HIPAA Security Rule.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy