Medical Records, Privacy, Accuracy, and Patients' Rights

Medical records are the footprints we make through the medical system. From the moment we are born to the day we die, our medical records are a chronology of everything that has affected our health or has created a medical problem.

Until the past few years, those records were kept entirely on paper, filed in folders in various doctors' offices and hospitals. Rarely were they called into question, and often they were ignored when we began to show new symptoms or needed to see a specialist for any new medical problems that cropped up.

Today, more and more of those records are being recorded and stored electronically. One doctor on one side of the globe might be able to instantly access the records being kept by a provider located in a different corner of the world. More practically, primary care physicians refer us to specialists, and before we even arrive at the specialist's office, our records are transferred electronically and reviewed on a computer monitor.

Our footprints are no longer restricted to one folder in one doctor's office.

This new use for technology may seem like a great advance for patients and providers alike, and for the most part, it is. But the advancement of electronic medical record storage has also highlighted and expanded three problems:

1. Privacy/Security: Who can legally access a patient's records and how may they be shared? What happens if medical records fall into the wrong hands?
2. Errors/Mistakes in Patient Medical Records: If mistakes are recorded in a patient's file, they may be replicated through the use of electronic record-keeping. How do we make sure that doesn't happen?
3. Denials: Covered entities are required by law to provide patients with copies of their medical records, but not all records are provided the way they should be. What processes are in place to be sure patients can get copies of their medical records?

These questions were first addressed in the mid-1990s with the passage of the Health Information Portability Accountability Act (HIPAA). It was later amended in 2003. Today, HIPAA addresses the privacy and security of patient medical records, and the remedies available to patients when those records are not shared correctly or contain errors.

But the HIPAA laws are also very confusing and unwieldy. Providers, facilities, insurers, and patients are often confused by the many aspects of the HIPAA laws. Further technology developed to make it easier to share records can also be used to violate the laws or at least the intent of the laws.

The bottom line for patients is that we need to make sure our records are being handled correctly, not falling into the wrong hands, and are shared with us appropriately. Our records, whether they are shared electronically, or are simply copied or faxed, can cause problems ranging from denial of insurance to missing out on a job offer to the wrong treatment to medical identity theft.

• Obtain and keep copies of our medical records to know what information is being shared among other providers.
• Be sure the information contained in our medical records is correct.
• Correct any errors we do find.
• And complain to the authorities if we are denied access to our records.

Empowered patients understand that monitoring our medical records is a right we have, and a responsibility, too.