Electronic Health Records: Protecting Patient Data

In an article titled "Patients trust physicians most to protect personal data", writer Pamela Lewis Dolan explores the implications of a January 2011 survey conducted by CDW Healthcare, a health care IT firm. The survey participants were 1,000 adults across the United States who had received care from a physician or hospital in the past 18 months. The survey revealed that 66 percent of patients believe that their physician's office was responsible for protecting the confidentiality of their personal health information (PHI). Forty percent of people surveyed said that electronic health records would impact privacy protections. 

The survey also revealed that patients not only require that their PHI be held securely, but they also believe that health care organizations are responsible for protecting financial information (86 percent), personally identifiable information (93 percent), and any information provided about a patient's family (94 percent).  The CDW group also surveyed 200 physician practices in 2010 and found that 30 percent did not have basic antivirus software protections and 34 percent did not use firewalls. 

As physicians go forward with the adoption of electronic health records (EHR) systems, firewalls and antivirus software should be assessed as part of the adoption process. It is also important to establish a system that continually updates and monitors electronic security needs.

Although firewalls and antivirus software protect your computer system from hackers and viruses, encryption is also important and is often missed. E-mails or other internet correspondence containing PHI sent through common internet providers such as Yahoo and Gmail are not encrypted. Encryption is important because under the Health Insurance Portability and Accountability Act, if data is stolen but is encrypted, the organization is exempt from fines. 

Last year, CAP's Risk Management & Patient Safety Department developed an assistance program with specific risk management specialists acting as EHR consultants. If you have questions or would like assistance with EHR-related matter, contact CAP's EHR consultants by sending an e-mail to consultant4EHR@cap-mpt.com with name, phone number, and CAP physician name. 


Authored by
Ann Whitehead, RN, JD
CAP Risk Management & Patient Safety

 

Published comments of this information should not be considered legal advice applicable to a specific situation. Legal guidance for individual matters should be obtained from a retained attorney.