Electronic Medical Records and Privacy – Oil and Water

I’ve written many times before about electronic medical records, personal health records and privacy. They can’t effectively be used in the same sentence unless you bring up oil and water, too. They just don’t mix.

An incident right here in my office spawned this post.  Twice in the past week, a stranger’s medical records have arrived through my fax machine!  They come from an orthopedic practice, are several pages long, and regard a police officer who had back surgery and is not working, collecting worker’s comp.  They are very personal, detailed….

And I should NOT have copies!  The fact that they were sent to the wrong fax number — twice — is a huge HIPAA violation.  Yet, I guarantee you, this happens every day.

Why do I raise this point to you? Because concerns over privacy and medical records are huge. But that’s not new! In fact, when it comes to medical records, regardless of HIPAA laws or anyone’s policies to the contrary, if someone wants your medical records, they can get them.

Here are some additional examples of privacy violations to give you a sense of what I mean:

Further, there are many people who can access our records whether we want them to or not.  They include any payers who will pay on our behalf, such as health insurers or Medicare. Law enforcement personnel can access our records, too, if they believe they need them to prove a case.

What’s the bottom line here? If you want your records to be private, then it is up to YOU to make sure they stay as private as possible.  Especially now that our new president is planning to throw money into the electronic medical records pot.

Our records are going to end up online.  And I believe they should.  It’s efficient, and I believe there are enough ways they can contribute positively to both our health, and our health system, that it’s a smart move.

But that doesn’t mean we patients have to make stupid choices about putting them online ourselves. There are a handful of PHR programs out there like Microsoft’s HealthVault and Google’s health program, plus others that aren’t beholden to the HIPAA privacy laws. And, very frighteningly, large health organizations are working with these companies to put your records online. The Cleveland Clinic is working with Microsoft, as is the Mayo Clinic.

So when it comes to making smart choices, begin by making smart decisions about how your records will go online. Do NOT choose one of the free PHR (personal health records) applications that keep your records online but do not fall under the auspices of HIPAA. There are plenty of good PHR storage apps online that charge you a fee and that may be more secure.

You may also want to ask about your doctor’s use of electronic medical records, and how they are being implemented. Specifically, you want to know if the storage mechanism your doctor uses falls under HIPAA’s regulations. And if they tell you your records are being managed by one of these big conglomerates that are (so-called) free? Personally — I would find another doctor to work with.

Your records will never be completely protected from someone who might want them.  But there’s a difference between letting the medical records cat out the door, and leaving the door open.


Trisha Torrey