If their medical records become online, there would be no safeguarding measure to protect or delimit the personnel who could readily access it. EHR could be subject to hacking by unauthorized individuals as all that protects it from them is a simple username and password. If this is so as well, their medical records are not only made available for doctors, pharmacists and other practitioners of medicine, but to virtually anyone. Drug manufacturers could access their patient’s history to be used for research and product development even without their patient’s explicit consent.
Crucial information like the specific type of disease could be exploited for fundraising activities or other schemes that are only targeted by different medical companies for profits. With the development of this system, consumers are also allowed to view their own records and, even make changes if there are errors, all for an access fee. This means that consumers themselves could manipulate their medical records to suit their own purposes (i. e. removing certain ailments that might lower their chances in job application).
Information gleamed from these records without proper authorization could be very harmful to an individual. Actually, any information regarding a patient receiving medical attention is considered private and confidential. According to the privacy rule of the Health Insurance Portability and Accountability Act (HIPAA), Protected Health Information (PHI) includes everything, rather broadly at that, that concerns a patient’s medical history. This includes mental and physical condition of the patient, both present and past as well as all of the provisioned care administered to the said patient.
It even includes all information regarding the payment of such provisions that transpired between a patient and the medical institution that s/he is associated with (45 CFR 164. 501). So in essence, every minute detail in a patient’s medical record is held confidential under the rule of law and thus must be protected from unauthorized utilization. To be able to render quality services to the patients, I recommend establishing a sound reputation when it comes to handling medical records. You could do this by affiliating yourselves with privacy ensuring sites like TRUSTe.
org. Since online transaction really entails a great deal of risk when it comes to information theft, being rewarded, for example, with a TRUSTe seal assures customers of the privacy and security of vital information contained in their medical records. It is also wise to disseminate information to your patients regarding the nature of electronic health records so that they could take necessary precautions for themselves. There are products that they can avail themselves of to protect their own medical records.
Nifty gadgets like portable emergency medical record holders from companies like SGMS Corporation could really help secure a patient’s and his or her family medical records safe and secure. It will also be to your organization’s benefit to educate the patients regarding the laws that are already enacted to help secure their electronic health records like HIPAA. Organize seminars and conferences to better spread the message of caution. For example, when being asked for consent (i. e. waivers) about releasing a patient’s medical records, teach them to be meticulous about what they sign.
Advice them against signing “blanket waivers” that are not specific about what records they want to share and just do so in a general way. Specify things like releasing to a particular doctor (who will be accountable to any exchange of information that would take place without your knowledge), or releasing only that records that are necessary for a specific type of ailment. As an organization, the patient’s welfare should be our top priority, therefore it is our responsibility to provide them the necessary information so that they may do their part well when it comes to upholding medical record security.
Laws can only do so much and without the proper education, loopholes could be easily taken advantaged of by external agencies which may not have a patient’s interest at heart. References Health and Fitness. (2006, March). Retrieved December 16, 2007, from ConsumerReports. org: http://www. consumerreports. org/cro/health-fitness/health-care/electronic-medical-records-306/overview/index. htm Code of Federal regulations (2003, April). Retrieved December 16, 2007 from http://frwebgate. access. gpo. gov/cgi-bin/get-cfr. cgi? YEAR=current&TITLE=45&PART=164&SECTION=501&SUBPART=&TYPE=TEXT]]>