Privacy & Security
Individually identifiable health information is private, and that privacy is protected by federal law. In 1996, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA). Under that law, the Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule, which gives you rights over your own health information no matter what form it is in, and the HIPAA Security Rule, which requires covered entities to put specific administrative, physical, and technical safeguards around your electronic health information. A few of the technical measures that can be built into EHR systems include:
“Access control” tools, such as passwords and PINs, that limit access to your information to authorized individuals, and limit each of them to the parts of the record they need.
“Encrypting” your stored information, so that your health information cannot be read or understood except by someone using a system that can “decrypt” it with the right “key.” Without the key, a stolen copy of the data is unreadable.
An “audit trail” feature, which records who accessed your information, what changes were made, and when, so that misuse can be detected and investigated after the fact.
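The three safeguards above can be seen working together in a small record store. The example below is added here; it is not code from HHS, ONC, or any EHR vendor. It assumes a hypothetical role table (ROLE_OF, READ_POLICY) and constructed sample patient data, and to stay within the Python standard library it builds its encryption from HMAC-SHA256 in counter mode plus an HMAC tag (encrypt-then-MAC); a production system would use a vetted authenticated cipher such as AES-GCM instead. Every read and write, allowed or denied, is appended to a hash-chained audit trail, so editing or deleting an entry breaks the chain.

```python
"""Toy EHR record store: access control, encryption at rest, hash-chained audit trail.
Added example, not code from the original page. Keys and data are constructed."""
import hashlib
import hmac
import json
import secrets
import time

# Hypothetical users and roles (constructed for this example).
ROLE_OF = {"dr_smith": "clinician", "billing_bob": "billing", "mallory": "visitor"}
# Which record sections each role may read; only clinicians may write.
READ_POLICY = {"clinician": {"demographics", "diagnoses"}, "billing": {"demographics"}}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode; a stand-in for AES-CTR."""
    blocks = [hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("record tampered with or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class RecordStore:
    def __init__(self, master_key: bytes):
        # Separate confidentiality and integrity keys derived from one master key.
        self._enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
        self._records = {}        # (patient_id, section) -> ciphertext blob
        self.audit = []           # append-only, each entry hashes the previous one
        self._prev_hash = "0" * 64

    def _log(self, user, action, patient_id, section, allowed):
        entry = {"ts": time.time(), "user": user, "action": action, "patient": patient_id,
                 "section": section, "allowed": allowed, "prev": self._prev_hash}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self._prev_hash = entry["hash"]
        self.audit.append(entry)

    def _authorized(self, user, action, section) -> bool:
        role = ROLE_OF.get(user)
        if action == "write":
            return role == "clinician"
        return section in READ_POLICY.get(role, set())

    def write(self, user, patient_id, section, data: bytes) -> None:
        allowed = self._authorized(user, "write", section)
        self._log(user, "write", patient_id, section, allowed)   # denied attempts are logged too
        if not allowed:
            raise PermissionError(f"{user} may not write {section}")
        self._records[(patient_id, section)] = encrypt(self._enc_key, self._mac_key, data)

    def read(self, user, patient_id, section) -> bytes:
        allowed = self._authorized(user, "read", section)
        self._log(user, "read", patient_id, section, allowed)
        if not allowed:
            raise PermissionError(f"{user} may not read {section}")
        return decrypt(self._enc_key, self._mac_key, self._records[(patient_id, section)])

    def raw_blob(self, patient_id, section) -> bytes:
        """What an attacker who copies the storage would see."""
        return self._records[(patient_id, section)]

    def verify_audit(self) -> bool:
        """Recompute the hash chain; any edited or removed entry breaks it."""
        prev = "0" * 64
        for entry in self.audit:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


if __name__ == "__main__":
    store = RecordStore(secrets.token_bytes(32))
    store.write("dr_smith", "patient-001", "diagnoses", b"Type 2 diabetes (constructed sample)")
    print(store.read("dr_smith", "patient-001", "diagnoses"))
    print("audit intact:", store.verify_audit(), "entries:", len(store.audit))
```

The hash chain only makes tampering detectable, not impossible: an attacker who can rewrite the whole trail can recompute every hash, so real systems also copy audit records to write-once or separately administered storage. Note too that the store logs denied attempts; those entries are often the first signal of an insider probing records they should not see.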
Finally, federal law (the HIPAA Breach Notification Rule) requires doctors, hospitals, and other health care providers to notify you of a “breach” of your unsecured protected health information; properly encrypted data whose key was not also exposed generally does not count as a breach. The provider must also notify the Secretary of Health and Human Services, and if a breach affects more than 500 residents of a state or jurisdiction, it must also notify prominent media outlets serving that state or jurisdiction. These notices must be sent without unreasonable delay and no later than 60 days after the breach is discovered. This requirement helps patients know if something has gone wrong with the protection of their information and helps keep providers accountable for EHR protection.
To learn more, visit www.hhs.gov/ocr/privacy/