What You Need To Know About EHR
_{February 12, 2018}

Gone are the days when your healthcare provider are using the old schooled paper charts, literally speaking.

Nowadays, the industry is moving from paper records to electronic health records (EHR). Your EHR may contain medical history, medical notes of your physicians as well as other information such as your symptoms, diagnoses, medications, laboratory results, vital signs, immunizations, and reports from your diagnostic tests such as X-rays.

The following benefits are the mostly likely reasons for keeping these formats of your health information:

1. Quality of Care is improved. Your doctor is now able to use HER and securely share it with other doctors, hospitals and health plans. It does make it easier for everyone to work together and make sure that you are getting the reliable and fast care that you need.
2. Medical Care becomes more efficient. Your doctor will find it easier to share your lab results with other physicians. Consequently, your tests such as your X-rays and/or lab exams don’t have to be repeated saving you from unnecessary costs as well as less risks from radiation and other side effects.
3. Medical Care becomes more convenient. EHR can alert providers to contact and remind you when it is time for certain screenings. When information can be shared amongst your healthcare providers, pharmacies, laboratory and other members of your healthcare team, you won’t need to fill out the forms again nor wait for paper records are passed from one healthcare provider to another.

With all of these, we know that the medical workforce can be more mobile and efficient i.e. you doctors can check patient records and test results from wherever they are. These benefits do come with the potential security risk. This is where Health Insurance Portability and Accountability Act of 1996 (HIPAA) comes in.

The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI). Within HHS, the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.

Then how EHR is being secured? How is it protected from loss, theft and hacking?

Possible measures that can be built around EHR systems are the following:

1. “Access control” tools like passwords and PIN numbers, to help limit access to your information to authorized individuals.
2. “Encrypting” your stored information. That means your health information cannot be read or understood except by those using a system that can “decrypt” it with a “key.”
3. An “audit trail” feature, which records who accessed your information, what changes were made and when.

What should you do if you think your information has been compromised?

If your data is seen by unauthorized person or people, federal law requires doctors, hospitals, and other health care providers to notify you of a “breach” of your health information.  If a breach affects more than 500 residents of a state or jurisdiction, the health care provider must also notify major media outlets serving the state or jurisdiction. This requirement helps patients know if something has gone wrong with the protection of their information and helps keep providers accountable.

Do note that securing EHRs is just one piece of the vast HIPAA compliance puzzle. For more information about your health information privacy rights, visit www.hhs.gov/ocr/privacy.