Lyniate Team

HIPAA Versus EHR Certification, HIMSS13 Session Review

March 13, 2013

After enjoying HIMSS13 last week, I am writing one blog per day this week to review the educational sessions I thought were most insightful.

The education session that peaked my interest the most was Session 118, which compared the criteria of HIPAA to those of EHR Certification. The presenters were Rich Cohan from Providence Health and Adam H. Greene from Davis Wright Tremaine, and the title was “Privacy and Security Challenges of Meaningful Use.”

Based on the title, I went into the session looking to gain insight on privacy and security from a major health system. What immediately caught my attention were the comparisons drawn between the HIPAA rules as compared to EHR Certification criteria. As a vendor, I have been intimately involved in meeting the privacy and security requirements for EHR Certification. However, it has been very difficult to figure out how the EHR Certification criteria relate (or don’t relate) to the HIPAA requirements that providers must follow. This presentation summed it up beautifully.

Mr. Greene presented a table which included the following data in each row:

  • Privacy and security criteria for 2011 EHR Certification
  • The equivalent privacy and security criteria for 2014 EHR Certification
  • The HIPAA document number that corresponds to the EHR Certification criteria
  • Whether the criteria was a requirement under HIPAA rules or not 

this is a great take-a-way from the presentation. i can now utilize this table anytime i need to investigate how a specific ehr certification criterion applies to a specific hipaa rule.

the presentation also compared meaningful use objectives for patient access to data. this included the timeframes for making the data available per meaningful use and also the amount of data that must be made available. in general the timeframes are much shorter for the meaningful use criteria, but the amount of data that must be presented to the patient is much more comprehensive for hipaa rules. in addition, hipaa requires that all patient requests are fulfilled, while meaningful use only requires a percentage.

many other facets of hipaa and meaningful use were explored as well, including transport of summary of care documents, public health reporting, and patient reminders. the slides from this presentation are a resource that i will utilize when privacy and security questions arise.

for complete information on all the concepts that were covered, you can download the slides here.

Related Blogs

Ecosystem Thinking Accelerates Innovation

Melanie Medina

Four Essential Things to Do to Prepare for a New Integration Engine

Preparing for a migration to a new integration engine is key to its success. We recommend these 4 steps.

Read more
Video Thumbnail

Lyniate Team

10 Tips for a Successful Migration to Epic

Switching to Epic is one of the most complex EHR conversion projects a health organization can launch. Hundreds of interfaces need to be converted or implemented.

Read more
Why should payer organizations integrate clinical data

Austin Dobson

The Importance of Integrating Clinical Data into Payer Organizations

In today's healthcare market, several different forces are pushing payers to integrate all aspects of patient care. To be successful, payer organizations must be able to facilitate access to the same information set, including both clinical and claims data.

Read more