As an advocate and as a patient, I have my issues with electronic medical records (EMRs). It never seems to fail that results from the previous doctor’s visit are missing from the chart-Did they forget to enter them or are they lost in cyber space? Tests that were suppose to be available for the specialist at the other hospital aren’t there or the computer system is down and so it goes. However, this past week I learned of a different but very disturbing story from someone that I’ve been an advocate for on numerous occasions.
Long story short, a resident placed a note in their EMR, which is not correct. Since this is electronic, they are a lot more concerned. As the person described it, “a teenager could hack into that hospital’s system. If this information fell into the wrong hands, I could loose my job.”
How realistic are these fears? What protections are there? What should you do if incorrect information is included in your medical record?
Survey after survey shows that Americans don’t trust the EMR. Were paper records safer? These aren’t easy questions to answer as there are examples of breaches in confidentiality for both methods. Ultimately though, like it or not, EMRs are here and that’s the situation we’re faced with. So ......
Things to consider:
• Use a personal health notebook so that missing information doesn't create a problem, or in the event of an emergency, you’ll have the information at the ready. A friend sent me a free app for HealthspekPHR-Personal Health Record. Can’t vouch for it, but since many people are using smart phones, and this is supposedly free, this might be a good app to check out.
• To the question of “can an EMR system be hacked?” Given what’s hacked on any given day, the answer is “yes.” That noted, EMR systems use data encryption to protect the records. Data encryption technology protects EMR systems while they are stored and while they are being transferred, ensuring that only the intended recipients are able to view them. There are other EHR security systems that health providers typically have on their computer networks, including firewalls to prevent unauthorized access. EMRSafety: Are My Medical Records Truly Safe?
Federal law requires doctors, hospitals, and other health care providers to notify you of a “breach.” The law also requires the health care provider to notify the Secretary of Health and Human Services. If a breach affects more than 500 residents of a state or jurisdiction, the health care provider must also notify prominent media outlets serving the state or jurisdiction. This requirement helps patients know if something has gone wrong with the protection of their information and helps keep providers accountable for EHR protection. Privacy, Security and Electronic Health Records, Office for CivilRights.
• Who can access my medical records? Under the Health Insurance Portability and Accountability Act (HIPAA), patients have the right to know how their computerized medical records are used and providers are required to seek patient permission before disclosing their personal health information to third parties (insurers, other health providers and health care clearinghouses) in most circumstances. Note, “You do not have the right to access a provider’s psychotherapy notes. Psychotherapy notes are notes taken by a mental health professional during a conversation with the patient and kept separate from the patient’s medical and billing records. The Privacy Rule also does not permit the provider to make most disclosures of psychotherapy notes about you without your authorization.” Medical Records Office for Civil Rights
There are exemptions to HIPAA privacy rights under certain circumstances. In addition, life insurers, employers and some school districts are exempted from these laws. Government agencies such as Medicare or the Social Security Administration may examine your medical records for purposes of establishing eligibility for certain programs. Who hasaccess to my medical records?
To learn more on this topic, go to the government’s website Guidance Materials for Consumers.
• Under HIPAA you have the right to read your medical record. Your medical provider, including hospitals, have 30 days within which to provide you a copy of your record after you request it. If you have concerns, you can request that amendments be made. If your health care provider accepts your request to amend your record, they must add the information to your record. If your provider denies your request to amend, they must tell you. You then have the right to add a short statement to your record that explains your position.
The take home point is this: Know what’s in your medical record. Make adjustments to it as you see fit and keep your own personal health record.