Wednesday, December 4, 2013

Electronic Health Record Privacy

Electronic health records--the collection of data from health care providers, laboratories and hospitals that is stored in computers--have proven invaluable in decreasing medical errors and reducing health care costs. While there are laws to guard the privacy of these records, many people still worry about how well-protected they are.


Electronic Health Records (EHR) have been around since computers first came into widespread use in the 1960s and were previously called computer-based health records. Initially, the purpose of these records was to help insurance companies and Medicare administrators gather data for administrative purposes, but in 2000 the National Committee for Vital and Health Statistics prepared a report titled "Uniform Data Standards for Patient Medical Record Information" that highlighted the development of EHR to focus more on quality patient care.

How the EHR Differs From the PHR

The EHR includes everything from your date of birth to the name and dosage of most every prescription medication you've ever taken. Clinic notes, X-rays, ER visits---every time you interact in any way with the medical community, it could be included in your EHR. This data all comes from healthcare providers.

The Personal Health Record, including the Surgeon General's "My Family Health Portrait" on-line family history tool, is based on information you---the patient or client---want to include. Google, Microsoft, WebMD and other lesser known Internet companies are also part of this initiative. While the EHR and PHR can be meshed, privacy issues for each may be somewhat different.

How HIPAA Impacts the EHR

The Health Insurance Portability and Accountability Act of 1996---generally known by its acronym, HIPAA---is the basic U.S. law that guards the privacy of your medical record. It restricts who has access to the information in your EHR or any other medical record. You may be asked to sign a form that allows your doctor or dentist to share that information with your insurance company or others. Always read the HIPAA statement and release of information notice before signing. You can choose to limit the information being released to the specific date and type of the treatment you are receiving by writing it into your release form.

Safeguarding Privacy on the Internet

Some Personal Health Records can be set up in such as way that they share information with the Electronic Health Record of the clinic or healthcare provider. While the HIPAA standards still apply to those in the medical community, you are responsible for the privacy of your own PHR, whether you keep it in a drawer at home or store it online. If you choose to do the latter, be sure to carefully examine the privacy policy of your storage site.

More Privacy Initiatives

The U.S. Department of Health and Human Services is the main U.S. government agency that carries out the laws and regulations associated with medical records, including the EHR. But private groups, such as the Healthcare Information and Management Systems Society are also advocating for stronger privacy standards. Among the important issues to resolve: converting paper to electronic records, notifying patients when their records are accessed, the ability to opt-in or opt-out of the EHR, confidentiality and patients' access to their own records.

Tags: Health Record, Electronic Health, Electronic Health Record, health care, Health Records