
Are My Electronic Medical Records Private? | MedicalRecords.com

In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA), which created national standards for medical records security. HIPAA laws and regulations were designed to give patients more control over their health care, set limits on the use and access to medical records, and establish a series of privacy safeguards for health care providers. With the transition to EMR/EHRs, patient privacy will continue to fall under these guidelines.

HIPAA laws grant patients several key medical records privacy rights. First and foremost, under the HIPAA privacy rule, patients have the right to view their medical records. Patients may request a copy of their file, and in most cases the medical records must be produced within 30 days.

Patients also have the right to know how their medical records are used and can require providers to seek permission before some of their personal information is disclosed.

EMR and HIPAA Regulations

All of these rules continue to apply in the growing EMR/EHR system. More information on medical privacy rights can be found on the Department of Health & Human Services website.

While most proponents of computerized medical records point to the potential cost reduction, improved accuracy and ease of sharing that EMR/EHRs represent, EMR/EHRs could also bring certain benefits to patient privacy. With computerized medical records, everyone who accesses medical information can be recorded. In a 2009 report, the Institute of Medicine called for the creation of an “audit trail” to track those who have accessed electronic patient records. Such oversight has received broad support. With paper medical records, it is much harder to accurately track who has viewed a patient’s file.

“There is no reason that patients themselves should not know who’s seen their [medical] records, rightly or wrongly, here or elsewhere in the world,” Bernadine Healy, M.D., the former head of the National Institutes of Health, wrote in a column in U.S. News and World Report.

Also, with electronic medical records, it is easier to limit data disclosure to essential elements. Reasons for disclosure of medical records are numerous, ranging from treatment needs and insurance checks to employment requirements, but patients do not need to reveal every aspect of their medical information every time. Doctors with properly computerized medical records can easily remove extraneous health information when disclosing EMR/EHRs.

Note that under HIPAA regulations, life insurers, employers and some school districts are exempted from these medical records privacy laws.

Medical Records Security

Some opponents of electronic patient records worry about medical records security because of the threat of hackers. They argue that with the increased availability of data online, electronic medical health records are more likely to fall to a cyber attack.

There are several measures doctors and hospitals take to prevent this. One of the most effective is data encryption. Encryption technology protects electronic patient records while they are being transferred and ensures that only the intended recipients are able to view them. Also, all hospitals and health providers have firewalls on their computer networks. Firewalls provide a strong first line of defense for medical records security by blocking unwanted access to the computer networks used by EMR systems.

Between the patient privacy standards laid out in HIPAA and the anti-intrusion techniques common on today’s digital health networks, there are several medical records security measures in place to help protect the privacy of patient medical records. However, to ensure the best possible security, it is important that patients talk with their doctors about their patient privacy and confidentiality preferences.

 

TAKEAWAYS

Most of the rules establishing medical record privacy were created under the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

HIPAA laws and regulations will still apply as more and more medical records go digital.

As with most laws, there are certain parties that are exempted, which means some medical information may be shared without a patient’s knowledge.

It is important that patients talk with their doctors to understand how and why their personal medical records may be used.