Are my Medical Records Safe? | Patient Resources | MedicalRecords.com
Medical records are created, used and stored on your health providers’ Electronic Medical Records (EMR) or Electronic Health Records (EHR) systems. EMR and EHR systems let your providers share up-to-date information about your conditions, treatments, tests and prescriptions. If your providers use EHRs, they can join a network to securely share your records with each other.
In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in order to offer protection for personal health information, including medical records. This law gave patients more control over their health information, set limits on the use and release of their medical records, and established a series of privacy standards for health care providers, along with penalties for those who do not follow these security standards.
HIPAA grants patients several key privacy rights over their medical records, which are outlined in this PDF. Patients have the right to view their medical records and can request a copy of their file, which in most cases must be produced within 30 days. Patients also have the right to know how their records are used and can require providers to seek permission before disclosing their personal health information to third parties. In most cases, patients have to be notified if their files are leaked or stolen, but there are exemptions to these rules. If you think that your medical records may have been viewed or received by someone you did not want to have them, you should contact your health care providers.
These privacy rules apply to all medical records, including those stored on computer systems. Note, however, that HIPAA has exemptions: life insurers, employers and some school districts are exempted from these laws.
EMR/EHR systems provide many benefits, including offering the potential to reduce costs and improve the quality of medical care patients receive. These systems are also expected to provide increased security over traditional paper records, since computerized records make it possible to record everyone who has access to a patient’s information and to create an “audit trail” that tracks those who have accessed these records.
As with any computerized records, there are concerns about “hackers” stealing patient medical information from online systems. There are several measures doctors and hospitals can take to prevent this, and they are required under HIPAA to ensure the security of online medical records.
Typically, EMR systems use data encryption to protect patient medical records. Data encryption technology protects electronic records while they are stored and while they are being transferred, ensuring that only the intended recipients are able to view them. There are other security systems that health providers typically have on their computer networks, including firewalls to prevent unauthorized access.
Through the privacy standards laid out in HIPAA and the security techniques typically used on today’s computerized health networks, there are several measures in place to help protect the privacy of patient medical records. However, it is important that patients talk with their health care providers about their confidentiality preferences.
Certain parties are exempted from HIPAA requirements, which means some medical information may be shared without a patient’s knowledge. It is important that patients review their health care providers’ privacy policies and procedures and that they understand how and why their personal records may be used.
Many patients store their own copies of their medical information online using a Personal Health Record (PHR), which is a record with your health information that you or someone helping you organizes and manages. You control the health information stored in your PHR, and you can access it anywhere at any time over the internet using a unique password that you choose. HIPAA security standards and requirements do not necessarily apply to PHRs, so be sure to review the security policies and precautions that a PHR uses before entering your medical information.
TAKEAWAYS
Federal laws, including HIPAA, require certain security and privacy standards to be followed by EMR and EHR systems. These standards do not necessarily apply to PHR systems, which you can use to store copies of your medical information.
Make sure to ask your health provider if you have any questions about the security of your medical information on an EMR or EHR system.
In most cases, your health provider must inform you if information is lost or stolen from their EMR systems, but there are exemptions.
If you think that your medical information has been viewed by unauthorized people, notify your health care provider about your concerns.
