Educause Security Discussion mailing list archives

Re: Electronic Health Records (EHR's)?

From: Kevin Halgren <kevin.halgren () WASHBURN EDU>
Date: Wed, 23 Jan 2013 09:42:59 -0600

Since I haven't heard anything, I thought I'd provide at least a partialanswer to some of my questions based on what I've found. There are anumber of government and private sources providing guidance on the topic

For the intersection of HIPAA and FERPA regulations, the followingdocument is a good reference. I've used it before but regularly go backto it:http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hipaaferpajointguide.pdf

In particular items 7 and higher in the FAQ

A good article on the topic:
http://www.ascaschoolcounselor.org/article_content.asp?article=1159

HIPAA Security Rule Info:
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/index.html

34 CFS Part 99 (FERPA)
http://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&tpl=/ecfrbrowse/Title34/34cfr99_main_02.tpl

Department of Education FERPA policy guidance:
http://www2.ed.gov/policy/highered/guid/edpicks.jhtml?src=ln

Many other good records:
http://www.nlm.nih.gov/services/queries/ehr.html

Health Information and Management Systems Society (HIMSS) has a numberof excellent resources as Electronic Health Records as well:

http://www.himss.org/ASP/topics_FocusDynamic.asp?faid=198


On 1/22/2013 8:21 AM, Kevin Halgren wrote:

Our counseling unit is looking at Electronic Health Record software.This is our first real foray into this technology and I'm trying toget ahead of the curve on this initiative. While they're not askingfor the ability to exchange records with anyone right now, I expect tohave that request in the near future, even if only with internalhealthcare-related units. I have a few questions for those of you whomay already use these:
1) How does the intersection of FERPA and HIPPA affect EHR's? I'maware the FERPA trumps HIPPA in situations where both may apply, butthen how would FERPA affect exchanging such records internally or withexternal medical organizations?
2) As a practical matter, how is secure exchange of EHR's performedand how often is it done?
3) What are the best resources you are aware of for getting up tospeed and staying up to date on EHR regulations and technologies?
Any input you can provide for any of these questions would be helpful.

Thanks,

Kevin

Attachment: kevin_halgren.vcf
Description:

Current thread:

Electronic Health Records (EHR's)? Kevin Halgren (Jan 22)
- Re: Electronic Health Records (EHR's)? Kevin Halgren (Jan 23)