Blog

Category

API Management Articles Clinical Terminology Cloud Solutions Articles EMPI Articles and Insights FHIR Articles Health IT Security News & Resources HL7 Articles Interoperability Articles Product News Public Health Articles Public Health by Region Radiology Articles Regulatory Compliance Articles Rhapsody Press Releases Uncategorized
Rhapsody Health Solutions Team

HIPAA Versus EHR Certification, HIMSS13 Session Review

March 13, 2013

After enjoying HIMSS13 last week, I am writing one blog per day this week to review the educational sessions I thought were most insightful.

The education session that peaked my interest the most was Session 118, which compared the criteria of HIPAA to those of EHR Certification. The presenters were Rich Cohan from Providence Health and Adam H. Greene from Davis Wright Tremaine, and the title was “Privacy and Security Challenges of Meaningful Use.”

Based on the title, I went into the session looking to gain insight on privacy and security from a major health system. What immediately caught my attention were the comparisons drawn between the HIPAA rules as compared to EHR Certification criteria. As a vendor, I have been intimately involved in meeting the privacy and security requirements for EHR Certification. However, it has been very difficult to figure out how the EHR Certification criteria relate (or don’t relate) to the HIPAA requirements that providers must follow. This presentation summed it up beautifully.

Mr. Greene presented a table which included the following data in each row:

  • Privacy and security criteria for 2011 EHR Certification
  • The equivalent privacy and security criteria for 2014 EHR Certification
  • The HIPAA document number that corresponds to the EHR Certification criteria
  • Whether the criteria was a requirement under HIPAA rules or not 

this is a great take-a-way from the presentation. i can now utilize this table anytime i need to investigate how a specific ehr certification criterion applies to a specific hipaa rule.

the presentation also compared meaningful use objectives for patient access to data. this included the timeframes for making the data available per meaningful use and also the amount of data that must be made available. in general the timeframes are much shorter for the meaningful use criteria, but the amount of data that must be presented to the patient is much more comprehensive for hipaa rules. in addition, hipaa requires that all patient requests are fulfilled, while meaningful use only requires a percentage.

many other facets of hipaa and meaningful use were explored as well, including transport of summary of care documents, public health reporting, and patient reminders. the slides from this presentation are a resource that i will utilize when privacy and security questions arise.

for complete information on all the concepts that were covered, you can download the slides here.

Related Blogs

Rhapsody Health Solutions Team

Opening a digital front door that removes friction between patients, providers, and payers with trusted, actionable data

Geisinger shares they’re freeing up resources, boosting efficiency, and transforming how healthcare data is used throughout Pennsylvania with Rhapsody integration and identity solutions

Read more

Gevik Nalbandian

Why patients should own their data

It’s time to flip the script on healthcare data ownership and take a patient-centric approach.

Read more

Jamie Light

Chief Strategy Officer shares data interoperability expertise on US and UK health digitization debate

Drew Ivan discusses the constant need for interoperability following any health digitization with HIMSS CEO, Hal Wolf and Healthcare World’s Steve Gardner.

Read more