EMR Safety: Are My Medical Records Truly Safe?
Medical records are created, used and stored on your health providers’ Electronic Medical Records (EMR) or Electronic Health Records (EHR) systems. EMR and EHR systems let your providers share up-to-date information about your conditions, treatments, tests and prescriptions. If your providers use EHRs, they can join a network to securely share your medical records with each other.
In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA), in order to offer safe protection for personal health information, including medical records. This law gave patients more control over their health information, set limits on the use and release of their medical records, and established a series of privacy standards for health care providers which provides penalties for those who do not follow these EMR safety and EHR security standards.
HIPAA grants patients several key privacy rights over their EMR safety, which are outlined in this PDF. Patients have the right to view their medical records and can request a copy of their file, which in most cases must be produced within 30 days. Patients also have the right to know how their records are used and can require providers to seek permission before disclosing their personal health information to third parties. In most cases, patients have to be notified if their files are leaked or stolen, but there are exemptions to these rules. If you think that your medical records may have been viewed or received by a person you don’t want to see them, you should contact your health care providers.
EMR safety and privacy rules apply to all medical records stored on computer systems. Note, however, that there are exemptions to HIPAA, since life insurers, employers and some school districts are exempted from these laws.
EMR and EHR systems provide many benefits, including offering the potential to reduce costs and improve the quality of medical care patients receive. These systems are also expected to provide increased security over traditional paper records, since computerized records allow recording everyone who has access to a patient’s information and creating an “audit trail” to track those who have accessed these records.
As with any computerized records, there are concerns about “hackers” stealing patient medical information from online systems. There are several measures doctors and hospitals can take to prevent this, and are required to ensure the medical records and EMR safety under HIPAA.
Typically, EMR systems use data encryption to protect patient medical records. Data encryption technology protects EMR systems while they are stored and while they are being transferred, ensuring that only the intended recipients are able to view them. There are other EHR security systems that health providers typically have on their computer networks, including firewalls to prevent unauthorized access.
Through the privacy standards laid out in HIPAA and the security techniques typically used on today’s computerized health networks, there are several measures in place to help protect the privacy of patient medical records. However, it is important that patients talk with their health care providers about their EMR confidentiality preferences.
Certain parties are exempted from HIPAA requirements, which means some medical information may be shared without a patient’s knowledge. It is important that patients review their health care providers privacy policies and procedures and that they understand how and why their personal records may be used.
Many patients store their own copies of their medical information online using a Personal Health Record (PHR), which is a record with your health information that you or someone helping you organizes and manages. You control the health information stored in your PHR, and you can access it anywhere at any time over the internet using a unique password that you choose. HIPAA security standards and requirements do not necessarily apply to PHR, so be sure to review the security policies and precautions that a PHR uses before entering your medical information.