My BuckMD data protected by BuckeyePass – Effective Wednesday, January 3

Cybercriminals’ top priority is a real-life payout. For Ohio State student systems, that means criminals may target your personal health information (PHI). If criminals get your user name and crack your password, they may be able to view your PHI and share information about you that you would prefer not to have shared.

If you have more than one step to log in – more than just your user name and password – your risk is reduced significantly. That’s why we’re adding a multifactor authentication tool called BuckeyePass (link is external) as an extra layer of security for student systems. Extra security protects your personal information stored in My BuckMD.

How does BuckeyePass affect me?

  • BuckeyePass (link is external) will be added to My BuckMD on Wednesday, January 3.
  • BuckeyePass (link is external) requires not only a password and username, but also a second method of authentication that you control. We recommend that you sign up as soon as possible and enroll multiple devices so you have a backup in case your primary device is stolen, broken or unavailable for any reason.

What do I need to do?

The first step is to enroll in BuckeyePass (link is external).  We have found the tool to be reliable and easy to use. We’ve posted a video (link is external) so you can see what the process looks like and how it works.


Information above summarized from:

Would an Advance Directive have helped Marlise Munoz?

Erick & Marlise Munoz

The sad story of Erick and Marlise Munoz has been in the news quite a bit lately.  Marlise lapsed into a brain-dead state in late November.  Marlise and her husband had had conversations regarding such a situation and she had told him that she did not want to be kept alive by machines. 

Such a decision, when put in writing, is called an Advance Directive.  This tells your doctors and other health care workers what type of care you would like should you be unable to make medical decisions.  It can include such things as:

  • If you are brain dead, do you want to be kept alive by machines?
  • If your heart stops, do you want to be resuscitated?
  • If you stop breathing, do you want to be resuscitated?
  • If you are unable to make health care decisions, who is to have durable power of attorney to do so for you?

These are things to be considered when you are healthy and calm.

Marlise had only her husband to communicate her wishes as she had not formally indicated them in an Advance Directive.  Her situation was further complicated due to her 14 week pregnancy and the interpretation of Texas law.  Had Marlise had an Advance Directive, the document could have communicated for her instead of relying on her husband as he was dealing with all of the emotions of such a situation.

The Caring Connections web site ( provides free Advance Directives and instructions for each state.

If you have an Advance Directive, a copy of it can be brought to the Student Health Services Health Information Services department to have it included in your medical record.  Student Health, however, is an out-patient facility and may not have access to your medical records in an emergency situation.  If your heart stops or you stop breathing within our building we will provide basic life support and first aid.  We will request emergency transport (911) and a copy of your Advance Directive will be given to the Emergency Squad to take to the hospital or it will be forwarded as soon as possible. 

Submitted by Tina Comston, M.Ed.

Reviewed by Mary Lynn Kiacz, M.D.

Welcome to campus, New Buckeyes Part II


Get your vaccination

Fall at the Shoe

Here are some more things you can learn about Student Health Services, so that we can be of service to YOU.

Medical Records

We are under strict rules to keep all of your medical information confidential and we take those rules very seriously.  You’ll need to sign an authorization form for us to release your health information to anyone, including your parents.  An authorization form can only be completed for health services that have already been rendered which means that we can’t honor any requests like, “you can just let my Mom have access to my records for as long as I’m at Ohio State.”


Prior to Fall Semester 2015 there were no immunization requirements for most students entering Ohio State.  However, beginning Fall Semester 2015 all new Ohio State University students are required to meet a Vaccination Requirement.  Information on the requirement can be found at:

  • All of these immunizations are available at the Student Health Center if you aren’t able to get them before you start school.  If you can get a copy of your Immunization records, that would be really helpful and keep you from getting immunizations you don’t need.

Allergy Injections

You can get your allergy shots at the Student Health Center while you’re here for school.

  • You need to submit the required paperwork prior to scheduling an appointment.
  • You can bring the allergen vials to the health center yourself or have them mailed to our facility.
  • We will store them for you and we can release them back to you as needed for injections during times away from the university.

These are just a few of the ways Student Health Services can be of service to you.  Come check us out!



Roger Miller, MD (OSU Student Health Services)

Updated by Tina Comston, M.Ed.


Keep your passwords locked up tighter than a chastity belt

In the next quarter or two (or thereabouts) – you will be able to communicate with your health care provider at the Student Health Center via a secure emailing system.  Some of you might already see non-SHS physicians who communicate by email, or have set up secure access to your health information on-line; under the recently passed healthcare reform bill there are incentives aimed at driving all healthcare systems and providers to get your information wired.

In this brave new world, there are all kinds of important security considerations to consider as we move to an all electronic health record.  What if the power goes out?  What if the server goes down? What if that server is hacked?  Who can and can’t have access?  Health care organizations and providers are really struggling with these questions – and many more – as we try to figure out how to migrate your records from paper to pixels.   

Frankly, I’m not completely comfortable with the thought of my personal health information floating around in the clouds, and I’m online pretty much 24 hours a day. I mean, my Visa card information has been has been out there for years… and has been stolen four times in the last six months! (Although I refuse to shut down my Amazon shopping habit – that’s just letting the bad guys win).  My own wonderful doctor has put my info out there on her electronic record.  It’s about as interesting as a shoe box, but still.

With all this in mind, I chanced (via Lifehacker) on a most sobering article:

How I’d Hack Your Weak Passwords | One Man’s Blog

No matter how many real and virtual security guards there are between the world and your health, banking, social, shopping or other personal online information, it’s only as good as your lamest password. Seriously, read the post. Consider that the difference in hackability between a six character lowercase password and an 8 character mash-up is measured in CENTURIES.  And that your email account can be a freeway that exits straight into your bank account. Jeepers.

Must. Change. Password.

Victoria Rentel, MD

My boyfriend is a med student – can he see my personal health information?

Q:  My boyfriend is a medical student.  Can he see my Electronic Health Record?  How would I know?

A:  This is an excellent question, and very timely since this week is Health Information Privacy and Security Week.  (No, I’m not kidding.  Seriously… who comes up with these things?)

Anyway, the answer is a resounding NO, he could not access your personal health information at the Student Health Center.  From a technical standpoint, our EHR system is separate and unconnected to the Medical Center’s, so our records are not accessible to people using the medical center system, like your boyfriend. 

But let’s say you saw a doctor at the medical center, or you got really sick one night and ended up in the ER, or your boyfriend did a rotation with us at the Student Health Center.  Technically speaking, he could access your health records, but he would be risking serious trouble if he did.

There is a federal law called HIPAA (Health Insurance Portability and Accountability Act) that contains privacy and security regulations to protect patient health information.  The HIPAA privacy rule contains a very important standard called Minimum Necessary – healthcare providers may only access personal health information that is necessary to their job.  So your boyfriend could only access your health records if he was directly involved in your care.

If he just snoops around in your chart because he was curious – he’s breaking the law.  If you ask him to check your records to see what the doctor said about you or to get the results of that scan you had at 3 in the morning that you can’t remember because you were puking your guts out – he’s breaking the law.  Let me put it this way.  If he was seen as a patient at the medical center and looks at his own health records, he’s breaking the law.  Unless it’s necessary for him to do his job, he can’t do it.

But let’s say that despite all of these legal and ethical restrictions, your boyfriend just can’t help himself and peeks into your electronic health record.  How would you know? 

The Security Rules of HIPAA require that healthcare organizations monitor the security of consumer personal health information.  Both the medical center and Student Health Services utilize tools that report each and every individual who accesses a patient’s health record.  If we (or the medical center) discover an unauthorized access to your health information, we are required by law to notify you and the Department of Health and Human Services. 

All health care professionals – including medical students – take this stuff very seriously so I’m sure you have nothing to worry about when it comes to your boyfriend checking out your electronic health record.  Now when it comes to him checking out the sunbathers on the Oval, you’re on your own…

Melissa Ames, RHIA, CHPS 

Health Information Manager, Ohio State Student Health Services