Become a Member

Health Information Technology Standards

Policy Frameworks

Policy frameworks establish a common foundation and rules for operating secure and functional health information exchanges. These frameworks provide general principles and approaches that organizations can use to develop both internal policies for utilizing and exchanging electronic records, and for working with external exchange partners.

Standards Policy
Standards Policy Frameworks Domains
CMS EHR Incentive Program/Meaningful Use Healthcare and Public Health
Health Information Technology Policy Committee Healthcare and Public Health
OCR Privacy and Security Health Information Exchange, Privacy and Security
ONC Privacy and Security Health Information Exchange, Privacy and Security

Centers for Medicare and Medicaid Services (CMS) Electronic Health Record (EHR) Incentive Program/Meaningful Use

Under the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, eligible health care professionals and hospitals can qualify for Medicare and Medicaid incentive payments when they adopt certified electronic health record (EHR) technology and use it to achieve specified objectives, or "Meaningful Use". To achieve Meaningful Use, EHR technologies must have certain technical capabilities, and providers must meet the specified objectives and measures. Meaningful use objectives encourage common technical capabilities, use of those capabilities, and electronic information exchange by participants in the EHR Incentive Program.

Health Information Technology Policy Committee

The Health Information Technology Policy Committee makes recommendations to the Office of the National Coordinator for Health IT (ONC) on a policy framework for the development and adoption of a nationwide health information infrastructure, including standards for the exchange of patient medical information. The American Recovery and Reinvestment Act of 2009 (ARRA) provides that the Health IT Policy Committee shall at least make recommendations on the areas in which standards, implementation specifications, and certifications criteria are needed. The HIT Policy Committee workgroups are:

  • Meaningful Use
  • Certification/Adoption
  • Information Exchange
  • Nationwide Health Information Network (NHIN)
  • Strategic Plan
  • Privacy & Security
  • Enrollment
  • Governance
  • Quality Measures

Office of Civil Rights (OCR) Privacy and Security

Office of Civil Rights (OCR) Privacy and Security enforces the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety. OCR is responsible for issuing regulations that modify HIPAA provisions and for enforcement of privacy and security compliance under HIPAA.

Office of the National Coordinator for Health IT (ONC) Privacy and Security

The ONC, under authority of Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, evaluates potential privacy and security protections for electronic health information exchange and develops and coordinates privacy policies that will encourage patient trust and participation in the adoption of electronic health records and health information exchange. The Chief Privacy Officer coordinates this effort within U.S. Health and Human Services (HHS), as well as with other Federal agencies and State efforts. ONC develops white papers and other guidance, such as the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information that help assure adequate protections for electronic information.