Medical Records, Privacy, Accuracy, and Patients' Rights

Medical records are the footprints you make through the medical system. From the moment you are born, your medical records are a chronology of everything that has affected your health or has created a medical problem.

Two decades ago, those records were kept entirely on paper, filed in folders in various doctors' offices and hospitals. Rarely were they called into question, and often they were ignored when new symptoms arose or a specialist was needed for any new medical problems that cropped up.

Electronic Storage

Today, nearly all doctor's office records are being recorded and stored electronically. One doctor on one side of the globe might be able to instantly access the records being kept by a provider located in a different corner of the world. More practically, when a primary care physician refers you to a specialist, your records are transferred electronically before you arrive and can be reviewed on a computer monitor.

This use of technology may seem like a great advance for patients and providers alike, and for the most part, it is. But the advancement of electronic medical record storage has also highlighted and expanded three problems:

1. Privacy/Security: Who can legally access a patient's records and how may they be shared? What happens if medical records fall into the wrong hands?
2. Errors/Mistakes in Patient Medical Records: If mistakes are recorded in a patient's file, they may be replicated through the use of electronic record-keeping.
3. Denials: Covered entities are required by law to provide patients with copies of their medical records, but not all records are provided the way they should be. What processes are in place to be sure patients can get copies of their medical records?

HIPAA

These questions were first addressed in the mid-1990s with the passage of the Health Information Portability Accountability Act (HIPAA). HIPAA is a federal law that required a set of national standards to protect patients' health information from being disclosed without their consent. HIPAA addresses the privacy and security of patient medical records, and the remedies available to patients when those records are not shared correctly or contain errors.

HIPAA laws can sometimes cause confusion among providers, facilities, insurers, and patients when it comes to electronic health records. While electronic records make it easier to share data, they can also be used to violate HIPAA laws or at least the intent of the laws. Concern also exists about security on devices like smartphones and what information can be exchanged among health care providers, patients, and organizations.

Data can be hacked or manipulated, so security systems are needed to protect patient information. For electronic records, HIPAA illustrates a three-tier model of administrative, physical, and technical safeguards. Examples include employing HIPAA consultants (administrative), controlling physical access (physical), and using antivirus software (technical).

It's important to make sure your records are being handled correctly, not falling into the wrong hands, and are shared with you appropriately. Your records, whether they are shared electronically or are simply copied or faxed, can cause problems including denial of insurance, missing out on a job offer, receiving the wrong treatment, or medical identity theft.

What To Do

To help ensure that your medical records are accurate and shared correctly:

• Obtain and keep copies of medical records to know what information is being shared among other providers.
• Review information in the records and correct any errors that are found.
• Complain to the authorities if you are denied access to your records.

Empowered patients understand that monitoring medical records is a right as well as a responsibility.