Blog

Category

API Management Articles Clinical Terminology Cloud Solutions Articles EMPI Articles and Insights FHIR Articles Health IT Security News & Resources HL7 Articles Interoperability Articles Product News Public Health Articles Public Health by Region Radiology Articles Regulatory Compliance Articles Rhapsody Press Releases Uncategorized
Rhapsody Health Solutions Team

HIPAA Versus EHR Certification, HIMSS13 Session Review

March 13, 2013

After enjoying HIMSS13 last week, I am writing one blog per day this week to review the educational sessions I thought were most insightful.

The education session that peaked my interest the most was Session 118, which compared the criteria of HIPAA to those of EHR Certification. The presenters were Rich Cohan from Providence Health and Adam H. Greene from Davis Wright Tremaine, and the title was “Privacy and Security Challenges of Meaningful Use.”

Based on the title, I went into the session looking to gain insight on privacy and security from a major health system. What immediately caught my attention were the comparisons drawn between the HIPAA rules as compared to EHR Certification criteria. As a vendor, I have been intimately involved in meeting the privacy and security requirements for EHR Certification. However, it has been very difficult to figure out how the EHR Certification criteria relate (or don’t relate) to the HIPAA requirements that providers must follow. This presentation summed it up beautifully.

Mr. Greene presented a table which included the following data in each row:

  • Privacy and security criteria for 2011 EHR Certification
  • The equivalent privacy and security criteria for 2014 EHR Certification
  • The HIPAA document number that corresponds to the EHR Certification criteria
  • Whether the criteria was a requirement under HIPAA rules or not 

this is a great take-a-way from the presentation. i can now utilize this table anytime i need to investigate how a specific ehr certification criterion applies to a specific hipaa rule.

the presentation also compared meaningful use objectives for patient access to data. this included the timeframes for making the data available per meaningful use and also the amount of data that must be made available. in general the timeframes are much shorter for the meaningful use criteria, but the amount of data that must be presented to the patient is much more comprehensive for hipaa rules. in addition, hipaa requires that all patient requests are fulfilled, while meaningful use only requires a percentage.

many other facets of hipaa and meaningful use were explored as well, including transport of summary of care documents, public health reporting, and patient reminders. the slides from this presentation are a resource that i will utilize when privacy and security questions arise.

for complete information on all the concepts that were covered, you can download the slides here.

Related Blogs

Lynn Stoltz

Up-to-date patient data across your organization: The power of real-time outbound notifications with Rhapsody EMPI

Learn how Rhapsody EMPI's real-time outbound notifications streamline patient data management, enhancing analytics and patient care.

Read more

Shelley Wehmeyer

Standardizing multimodal healthcare data at scale for machine learning: Zephyr AI achieves faster time to value with Rhapsody Semantic

Rhapsody Semantic helps Zephyr AI prepare multimodal healthcare data for machine learning and AI at scale, transforming data into insights and action.

Read more

Jesse Eichhorn

Modern identity data management for public health with Rhapsody EMPI

San Mateo County Health reduces duplicate patient records by more than 80% to better manage patients across multiple facilities while improving care coordination.

Read more