Electronic Storage of Class 1/2 Medical forms... "Best Practice"?



We have several ideas floating around that could potentially resolve
some administrative headaches regarding the Class 1/2 forms, but there
is a lot of well-founded concern regarding privacy and security of this
information. Some adults say that HIPAA regulations have to be
followed, but countering that, some say that HIPAA does not apply
because our Troop is not a healthcare organization.

What I'd like to know is if the BSA has a policy, specific guidelines,
or perhaps a "best practice" regarding what I'd like to do.

Specifically, we have several adult leaders who need to get to the
forms to have them on hand for various functions. We also want to have
adult backups without having to rely on the physical transferring of
the forms. This has proven to be more of a security issue than it
should be.

The idea is to scan the forms and store them as pdf files on the server
that also has our website. The website will not have posted links that
will allow people to navigate to the forms. The forms will be stored
in a password-protected directory. Browsing of the website, which
permits people to snoop, is turned off. What link that does exist to
a specific form will be in TroopMaster, access to which is also
password-protected. The last level of security is to encrypt the pdf
copy of the form so only specific individuals with digital IDs can
read/print them. Sounds like overkill to me, but I'm confident that it
will be as secure as most of the stuff at the NSA (National Security
Agency).

In summary, a person would have to be granted access to TroopMaster to
get to the link. When the user clicks on the button/link to the form,
the user is taken to the server directory where the form is stored. He
is challenged for a username/password. If the user correctly enters
the username/password, he/she would still not get access to the pdf
file if a digital ID on the form has not previously been established
for that person. That's about three levels of security.

I've looked at as much BSA info as available regarding medical
information, but I have yet to spot any reference to guidelines
regarding the electronic storage and access to that information. If
this bridge has been crossed before, I'd like to see a guideline or
best-practice, or somehow obtain a documented "non-objection" from
someone within BSA.

Can anyone in this group give me some direction on this?

Thanks.

Rick
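
The password-protected directory that the post describes, written out as an Apache configuration. This is an added example, not part of Rick's post and not BSA guidance; it assumes Apache httpd 2.4 with mod_auth_basic, mod_authn_file, mod_authz_core and mod_ssl loaded, AllowOverride in effect for the directory, openssl on the PATH, and hypothetical paths, user names and passwords. Two practitioner caveats the post's design does not spell out: an unlinked URL is not an access control, so the disabled listing and the authentication do the work, not the hidden TroopMaster link; and HTTP Basic auth sends the username and password base64-encoded on every request, so the directory must only be reachable over HTTPS (the SSLRequireSSL line is what enforces that).

```shell
#!/bin/sh
# Added example (not from the original post). Locks down one directory
# of an Apache 2.4 web root as the post describes: no directory listing,
# HTTP Basic auth, access limited to named leaders, HTTPS required.
# All paths, user names and passwords below are hypothetical.
set -eu

# Write an .htaccess for DIR that (1) turns directory listing off,
# (2) requires Basic auth against PASSFILE, which should live OUTSIDE the
# web root so it can never be served, (3) only admits the named users, and
# (4) refuses plain-HTTP requests so the credentials are never sent in clear.
write_htaccess() {
    dir="$1"; passfile="$2"; shift 2
    cat > "$dir/.htaccess" <<EOF
# no directory listing: an unlinked PDF cannot be found by browsing
Options -Indexes
# Basic auth is base64, not encryption: only allow it over TLS (needs mod_ssl)
SSLRequireSSL
AuthType Basic
AuthName "Troop medical forms"
AuthUserFile $passfile
# least privilege: only the listed leaders, not every account in the file
Require user $*
EOF
}

# Append USER to PASSFILE with an MD5-crypt (apr1) hash Apache understands.
# The password is piped on stdin so it never appears in the process list.
add_user() {
    passfile="$1"; user="$2"; pass="$3"
    mkdir -p "$(dirname "$passfile")"
    hash=$(printf '%s' "$pass" | openssl passwd -apr1 -stdin)
    printf '%s:%s\n' "$user" "$hash" >> "$passfile"
    chmod 640 "$passfile"   # readable by the web server's group only
}

# Demo on a scratch copy of a hypothetical layout:
#   $root/htdocs/medforms   <- the scanned PDFs
#   $root/private/.htpasswd <- outside htdocs, never served
root=$(mktemp -d)
mkdir -p "$root/htdocs/medforms"
write_htaccess "$root/htdocs/medforms" "$root/private/.htpasswd" alice bob
if command -v openssl >/dev/null 2>&1; then
    add_user "$root/private/.htpasswd" alice 'correct horse battery staple'
    add_user "$root/private/.htpasswd" bob   'another long passphrase here'
fi
cat "$root/htdocs/medforms/.htaccess"
```

The `Require user alice bob` line is the point of the example: with `Require valid-user` instead, anyone who is ever added to the password file (including for some unrelated protected page) would be able to read the forms. Add or remove leaders by editing that line and the password file, not by moving the PDFs.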
