als, and the International Organization for Standardization (ISO). Its goal is to develop a unified set of standards that are compatible with the ISO and other bodies. HISB does not write standards or make technical determinations but instead coordinates the activities of other accredited standards bodies. Its voting membership consists of private companies, government agencies, individual experts, and other organizations. It includes users and producers of health information, professional and trade organizations, government agencies, and standards organizations.

Computer-based Patient Record Institute

The Computer-based Patient Record Institute (CPRI) is an organization of public and private entities that promotes the use of electronic health records. CPRI has recognized the importance of providing for information security in the implementation of computer-based patient records and has established the Work Group on Confidentiality, Privacy, and Security. The work group was chartered to encourage the creation of policies and mechanisms to protect patient and caregiver privacy and to ensure information security. As part of its efforts, the work group is developing a series of security guidelines for organizations implementing electronic medical record systems. Products issued to date include guidelines for (1) establishing information security policies, (2) establishing information security education programs, (3) managing information security programs, and (4) establishing confidentiality statements and agreements.[29] It has also developed a guide to security features for health information systems.[30] The thrust of these initiatives is purely educational. CPRI has no mechanism or authority to ensure compliance with the guidelines it promulgates.

Joint Commission on Accreditation of Healthcare Organizations

The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) certifies the compliance of hospitals with a number of specific accreditation standards. The 1996 JCAHO Accreditation Manual for Hospi-

[29] Computer-based Patient Record Institute (CPRI). 1995. Guidelines for Establishing Information Security Policies at Organizations Using Computer-based Patient Record Systems. CPRI, Schaumburg, Ill., February. Also, Computer-based Patient Record Institute. 1995. Guidelines for Information Security Education Programs at Organizations Using Computer-based Patient Record Systems. CPRI, Schaumburg, Ill., June.

[30] Computer-based Patient Record Institute. 1996. Security Features for Computer-based Patient Record Systems. CPRI, Schaumburg, Ill., September.
