One of the highlights for me this year at HIMSS is attending the educational sessions when I am not manning the Perficient Booth, #1555. I was fortunate to attend a session, “Managing Privacy and Security Challenges of Patient EHR Portals,” which focused on securing PHI (protected health information) in patient portals that really clarified some muddy waters for me. My concern has always been twofold. First, how do you manage adolescents’ access to the portal and how do you ensure their privacy? The presenters tackled this question and actually recounted the experience the Mayo Clinic had surrounding this issue. Mayo’s solution was to close portal access for those “difficult to manage” years between 12-17. I liked the way the session was arranged, first hearing the legal explanation then hearing how it was put into practice by an institution such as Mayo Clinic.
My other concern, when does patient entered data become PHI, was indirectly answered in the session. They explained the difference between PHR, EMR portals and PHI in an easily understandable way. During their presentation, they also touched on entering or sharing patient reported data with the physician or provider, inferring that this would create PHI if this was incorporated into the EMR data. So I left the session satisfied and armed with new knowledge.
Did you find any sessions that made you feel more “secure?”