Patients and Medical Records 101

As healthcare in the United States continue to develop, the patient’s medical record has evolved from a set of pages held in hard copy in a physician’s office. In most, if not all, healthcare providers nationwide, a patient’s medical record is now a comprehensive set of electronic documents that include records of physician appointments, medical exams, results from testing, scheduled operations and requisite operative notes, and clinical recommendations. In the age of the paper to electronic transition, medical records have increased in complexity — including the levels of authority for which access is granted. It is essential to emphasize that, ultimately, electronic medical records (EMRs) are focused on providing the greatest level of care to the patient. Physicians, clinical personnel, researchers, and administrators are granted access to highly sensitive information in order to act in the best interests of the patient, in clinical and administrative capacities. Yet, as patients are navigating the relatively new world of patient portals, it is important to review the elements that make the EMR critical for the patient to understand.

When discussing EMRs, it is essential to underscore the importance of HIPAA for a patient’s medical record. HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a law that protects individual medical and health information. All healthcare providers and employees of healthcare providers, including clinical and non-clinical personnel, are required to comply with HIPAA at the federal level. From the patient perspective, this essential translates to: one’s medical information must legally be protected to the highest degree, including encryption, password protection, and the use of anonymization, to circumvent breaches of highly sensitive medical information. Patients should also be aware that HIPAA does not only apply to their physician or nurse — it applies to all staff in the hospital, the third-party vendors affiliated with the provider, health insurance companies, and any other party that may gain access to a patient’s medical information for a legitimate business reason at any point before, during, or after their clinical episode. Essentially, HIPAA is built to protect patients from their confidential and sensitive medical information being shared with inappropriate parties. A high benefit of EMRs is that they facilitate higher compliance with HIPAA, and patient protection more holistically, because EMRs are secured with multiple security methods. Even to commence, the healthcare provider or any individual that attempts to access a patient’s medical information will have to log-in through a secure server. Depending on the EMR platform, the login may also include advanced security features, such as two-factor authentication, biometric ID, or connection to a VPN. Such features ensure that patients’ EMRs are highly protected and only accessible to the appropriate individuals or parties.

In addition to greater security, EMRs allow for medical records to be shared between healthcare institutions in a highly secure manner. Why would medical records need to be shared, necessarily? Pending the patient’s decision, a patient may decide to switch healthcare providers or to seek a second opinion at a different institution. Historically, such a process would result in mailing or faxing secure health information — both of which are non-secure methods — to the new institution. But, with EMR, hospitals and healthcare providers can access Electronic Health Records, which are comprehensive software systems that allow for sharing amongst the healthcare providers. The inclusion of EHRs increases patient engagement in their own clinical journey, as well as highlighting the patient’s autonomy to choose the provider that they prefer for treatment, knowing that their medical information will come with them.

With advancements in technology, medical records will continue to evolve and confer greater advantages to patients, providers, and institutions alike. Patients should be aware of such developments, knowing that one’s medical information is a crucial resource both during medical care, and throughout the rest of one’s life.

Agency for Healthcare Research and Quality. “Electronic Medical Record Systems”. US Department of Health and Human Services. Web.
Garrett and Seidman. “EMR vs EHR – What is the Difference?”. The Office of the National Coordinator for Health Information Technology. Web. 2011.
Kruse, Clemens Scott et al. “Security Techniques for the Electronic Health Records.” Journal of Medical Systems 41.8 (2017): 127. PMC. Web. 18 Sept. 2018.
OCR Privacy Brief. “Summary of the HIPAA Privacy Rule”. Web. 2013.

Share this: