In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA), which created national standards for medical records security. HIPAA laws and regulations were designed to give patients more control over their health care, set limits on the use and access to medical records, and establish a series of privacy safeguards (including EMR privacy) for health care providers. With the transition to EMR systems, patient privacy will continue to fall under these guidelines.
HIPAA laws grant patients several key medical records privacy rights. First and foremost, under the HIPAA patient privacy rule, patients have the right to view their medical records. Patients may request a copy of their file and in most cases the medical records must be produced within 30 days.
Patients also have the right to know how their medical records are used and can require providers to seek permission before some of their personal information is disclosed.
EMR and HIPAA Regulations
All of these rules continue to apply in the growing EMR systems. More information on EMR privacy rights can be found on the Department of Health & Human Services website.
While most proponents of computerized medical records support the potential cost reduction, improved accuracy and ease of sharing EMR/EHRs represent, there are certain benefits that EMR systems could also bring to patient privacy. With computerized medical records, everyone who accesses medical information can be recorded. In a 2009 report, the Institute of Medicine called for the creation of an “audit trail” to track those who have accessed their electronic patient records. Such patient privacy oversight has received broad support. With paper medical records, it is much harder to accurately track who has viewed a patient’s file.
Also, with electronic medical records, it is easier to limit data disclosure to essential elements. Reasons for disclosure of medical records are numerous, ranging from treatment needs and insurance checks to employment requirements, but patients do not need to reveal every aspect of their medical information every time. Doctors with properly computerized medical records can easily remove extraneous health information when disclosing EMR.
Note that under HIPAA regulations, life insurers, employers and some school districts are exempted from these EMR privacy laws.
Medical Records Security
Also, some opponents to electronic patient records worry about EMR privacy and security due to the threat of hackers. They argue that with the increased availability of data online, electronic medical health records are more likely to fall to a cyber attack.
There are several measures doctors and hospitals take to prevent this. One of the most effective is data encryption. Encryption technology protects electronic patient records while they are being transferred and ensures that only the intended recipients are able to view them. Also, all hospitals and health providers have firewalls on their computer networks. Firewalls are a strong first line of defense for medical records security by blocking unwanted access to the computer networks used by EMR systems.
Through the patient privacy standards laid out in HIPAA and the anti-intrusion techniques common on today’s digital health networks, there are several medical records security measures in place to help protect the privacy of electronic patient records. However, to ensure the best possible security it is important that patients talk with their doctors about their patient privacy and confidentiality preferences.