Saturday, April 16, 2011
Understanding Your Patient Rights with Regards to Electronic Medical Records
Certainly moving patient records from a paper to digital format is a big help to the medical industry. In the past, diagnoses were often made without taking into account the patient’s medical history. You add on top of this the number of specialist physicians and patient relocations and it’s no wonder that the paper trail was so easily lost.
Electronic records don’t come without some amount of controversy though. Given the difficulty of maintaining private electronic records of any kind it’s understandable that people should hold concerns and reservations over this technology. While the federal government has tried to assuage concerns over this new use of technology there have been a growing number of reports on the abuses of this system.
In this article we go over what your rights are with regards to electronic medical records and to medical records in general. We lay out what the dangers are in storing medical records electronically, including cases of medical identity theft. We also discuss some of these recent stories and what resources you have available to try and make sure these things don’t happen to you.
The Health Insurance Portability and Accountability Act (HIPAA) is the primary piece of legislature regarding patient privacy rights. Enacted by Congress in 1996, this law has far reaching consequences and HIPAA training is mandated by law for all health professionals. Although it covers a very large range of health care issues, we will be discussing those that are relevant to electronic medical records.
The specific section of this law that concerns us is the HIPAA privacy rule. It defines your medical records as individually identifying health data and refers to it as Protected Health Information (PHI). The law explicitly tries to balance the need between protecting patients’ privacy with the need to protect the public’s health. In doing so it specifically outlines that your personal health records are legally able to be supplied to public health professionals without your consent.
For health care professionals, the Privacy Rule contains these rules:
· To notify patients of their rights and how their PHI is disclosed.
· That health professionals need to be trained in how to keep PHI private.
· Designate positions for handling PHI related matters.
· Establish privacy requirements in contracts with business associates.
· That health professionals need to implement internal procedures in order to keep your records safe.
· Civil and criminal penalties to health care professionals that ignore these safeguards.
· Limits the amount of information released to only what is needed for the study.
With regards to individual patient rights, the HIPAA Privacy Rule contains these provisions:
· Allows patients to find out what disclosures of their medical records have been made. Some exceptions include disclosures with individual authorization, ones related to treatment, and payment and health care operations.
· Gives patients the right to obtain their medical records and request corrections. Exceptions include psychotherapy notes, information for use in civil, criminal, and administrative actions, and PHI that is subject to the Clinical Laboratory Improvement Amendments of 1988. If corrections are requested the requirements are that the records must be identified, a link must be provided to the amendment, the patient must be notified when the amendment is made, and other covered businesses must be informed of the amendment.
· Gives patients the right to control certain disclosures of their medical records.
· Allows patients to receive a notice of when their medical information is shared and with whom.
Despite all of these rules there continue to be instances where health providers are either hesitant to provide patients with records, or records have been maliciously altered. Certainly, with the number of malpractice suits at an all time high, there is a conflict of interest at play here.
Instances Where Health Providers Either Deny or Hesitate to Disclose Information
These complaints haven’t really surfaced in connection with healthy patients, but at times when something has gone wrong. There have been instances of parents being denied the medical records of their children after they have passed away under mysterious circumstances. While HIPAA has allowed health practitioners greater access to your records, there is growing concern that they aren’t providing full disclosure to patients when they are at risk of facing a malpractice suit. Under certain circumstances they are allowed to withhold information, but they must submit in writing why they are doing so.
If you find that you are in this situation there are certain routes you can take. The following lists these various outlets:
· State Medical Boards run by the American Medical Association are known to investigate these issues.
· The Joint Commission on the Accreditation of Health Care Organizations is the body responsible for certifying health care providers and will also investigate these claims.
· The Agency for Health Care Research and Quality investigates certain claims for people who register with them.
· The American Civil Liberties Union has a number of ongoing cases related to patient’s rights.
As of this writing there are no special laws concerning electronic medical records. They are covered the same as paper records, and the primary underlying law is HIPAA. If you have concerns that you are being treated unfairly or in a criminal manner by your health care professionals there are resources available to you. Like many things in life, the more proactive you are in safeguarding your PHI, the less likely you will be to fall victim to abuse.
Posted by Joel Sherman MD at 11:21 AM