Skip to Content (press Enter/Return)
preview

Privacy Concerns With Electronic Medical Records

explanatory Essay
1923 words
Open Document
1923 words
  • Small
  • Normal
  • Large
  • Huge
bookmark

Prior to the Information Age, medical records were all stored in folders in secure filing cabinets at doctor’s offices, hospitals, or health departments. The information within the folders was confidential, and shared solely amongst the patient and physician. Today these files are fragmented across multiple treatment sites due to the branching out of specialty centers such as urgent care centers, magnetic resonance imaging, outpatient surgical centers, and other diagnostic centers. Today’s ability to store medical records electronically has made it possible to easily send these files from one location to another. However, the same technology which can unify the fragmented pieces of a patient’s medical record has the ability to also create a path for privacy and security breaches. This paper will examine how electronic medical records are used, how they are secured, how security is enforced, and what the consequences of security breaches are.

It is important for the purpose of clarity to distinguish the difference between electronic medical records (EMR) and electronic health records (EHR). Electronic medical records are an electronic composition of an individual’s medical history including such components as procedures, past diseases, diagnosis, medications, doctor’s names, and allergies. An electronic health record is an electronic means of documenting a patient’s procedures, diagnosis, billing information, etc. at each care facility (Badzek & Gross, 1999). A movement that was first initiated under the Bush administration, accepted by the Clinton administration, and now embraced by President Obama is the creation of the individual electronic medical record. In 2009 President Obama included $36 billion in the stimulus package to...

... middle of paper ...

...n%20age/315,000%20patients%27%20information%20disappears%20from%20Emory%20Healthcare%20_%20www.wsbtv.com.htm

Dixon, P. MEDICAL IDENTITY THEFT: The Information Crime that Can Kill You, March 3, 2006. World Privacy Forum. Retrieved from http://www.worldprivacyforum.org/pdf/wpf_medicalidtheft2006.pdf on April 24, 2012.

Foreman, Judy (26 June 2006). "At Risk of Exposure”. Los Angeles Times. Retrieved April 23 , 2012.

Gellman, R. Fact Sheet 8a: HIPAA Basics: Medical Privacy in the Electronic Age. Privacy Clearing House. March, 2012. Retrieved April 19, 2012 from http://www.privacyrights.org/fs/fs8a-hipaa.htm.

Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. § 1320d-9 (2010).

Moore, J. Electronic Medical Records Stimulus Package. Dec. 2009, Retrieved from http://www.electronicmedicalrecords.com/emr-stimulus-hitech-act.php on April 19, 2012.

In this essay, the author

  • Explains that prior to the information age, medical records were stored in secure filing cabinets at doctor's offices, hospitals, or health departments. today, these files are fragmented across multiple treatment sites due to branching out of specialty centers.
  • Explains the difference between electronic medical records and electronic health records. both are subject to the same type of security breach.
  • Explains that more than 260 million data breaches have occurred in the united states, including those of health related records.
  • States that hippa was signed into law in 1996 to mandate the security of health related information. the portability component of the law establishes the right for an individual to obtain health insurance despite having pre-existing illnesses.
  • Explains that the privacy rule applies to health insurance plans, health care clearing houses, and providers who transmit health information electronically.
  • Explains that medical identity theft is becoming a large problem in the united states and can have dire consequences not only on someone’s bank account but on their health as well.
  • Explains that the person using the stolen identity begins receiving treatment under the victim's name and adds medical history to their medical record.
  • Explains that a breach of medical records occurred at emory university hospital in atlanta on april 18, 2012 — back up disks of 315,000 patients were missing, along with 228,000 social security numbers.
  • Explains that hippa mandates that entities providing health care or handling heath care plans develop and implement policies and procedures consistent with the privacy rule.
  • Explains that if an entity covered by hippa is found to not be compliant with any portion of the privacy rule, the department of health and human services may impose civil penalties of $100 per failure.
  • Opines that electronic medical records provide for less storage space, faster consulting between physicians, easier billing and faster reimbursement of insurance companies, efficient treatment of patients, and an easier way for person's to view and track their medical record.
  • Cites breach report 2010, redspin inc., and badzek, l. and gross, g. confidentiality and privacy: at the forefront for nurses.
  • Explains that 315,000 patients' information disappears from emory healthcare. wsbtv.
  • Cites dixon, p. medical identity theft: the information crime that can kill you. world privacy forum.
  • Cites foreman, judy, and moore, j. electronic medical records stimulus package.
Get Access
Check Writing Quality
Related
  • analytical
  • explanatory
  • opinion
  • Electronic Health Records
    analytical essay
    In the 2004 State of the Union Address, President George W. Bush stated “within the next 10 years, Electronic Health Records (EHRs) will ensure that complete health care information is available for most Americans at the time and place of care (U.S. Government)”. In order to encourage the widespread implementation of EHRs and to overcome the financial barrier to doing so, the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 set aside $27 billion in incentives to be distributed over a ten-year period for hospitals and healthcare providers to adopt the meaningful use of EHRs (Encinosa, 2013). In 2011, the Centers for Medicaid and Medicare Services (CMS) implemented the Meaningful Use (MU) Incentive Program. In order to qualify for incentive payments under MU, providers must attest to meeting specific quality measures thresholds each year consisting of three stages with increasing requirement at each stage.

    In this essay, the author

    • States that the hitech act of 2009 set aside $27 billion in incentives to be distributed over a ten-year period for hospitals and healthcare providers to adopt meaningful use of ehrs.
    • Explains that the meaningful use incentive program was designed to ensure that ehrs are implemented and used in the appropriate manner by increasing healthcare quality while lowering healthcare costs.
    • Explains that there is very little evidence on whether meaningful use incentive program or electronic medical records actually improve the quality of care. there is limited research focusing on the benefits of mu and ehrs.
    • Explains the benefits of meaningful use incentive program, such as lowering mortality rates for cardiovascular conditions, improving process quality, and improving provider productivity.
    • Argues that hospitals with lower baseline quality will experience the benefits of mu. ehrs should be able to ensure quality sustainability not on quality improvements.
    • Explains that electronic medical records reduce healthcare costs by reducing overutilization of healthcare resources. physician utilization of an emr is associated with ordering less lab tests and less radiology procedures.
    • Argues that cms should re-evaluate mu before providers are penalized for not meeting core measures in 2015. meaningful use and ehrs should reduce healthcare costs and improve quality.
    • Argues that cms should examine quality reports from all physicians that began the mu incentive program in 2011 and compare their reports for 2011, 2012, and 2013. if quality declines from year to year, the meaningful use program should reconsider their core measures.
    • Opines that cms should also compare the amount of money spent on healthcare in 2011, 2012, and 2013.
    • Opines that mu and ehrs are not reevaluated in terms of quality and cost savings, and healthcare managers could face a difficult situation where this new technology may not be effective in improving patient care or reducing costs, but must be invested in anyway to receive full compensation from cms.
    • Opines that there is little evidence that investing in electronic health records and implementing the meaningful use incentive program will improve the quality and reduce the costs of the united states healthcare system.
    • Cites appari, johnson, eric, and anthony, d. meaningful use of electronic health record systems and process quality of care: evidence from a panel data analysis of u.s. acute-care hospitals.
    • Cites the white house's a new generation of american innovation.
    • Describes encinosa, jaeyong, furukawa, et al. (2013). electronic medical records and efficiency and productivity during office visits.
    • Explains that quality measurement of medication monitoring in the "meaningful use" era.
    1427 words
    Read More
  • Current Status of the Electronic Health Records in the United States
    explanatory essay
    For years now, the healthcare system in the United States have managed patient’s health records through paper charting, this has since changed for the better with the introduction of an electronic medical record (EMR) system. This type of system has helped healthcare providers, hospitals and other ambulatory institutions extract data from a patient’s chart to help expedite clinical diagnosis and providing necessary care. Although this form of technology shows great promise, studies have shown that this system is just a foundation to the next evolution of health technology. The transformation of EMR to electronic heath record system (EHR) is the ultimate goal of the federal government.

    In this essay, the author

    • Explains that the healthcare system in the united states has managed patient's health records through paper charting, but electronic medical record (emr) system has helped healthcare providers, hospitals and other ambulatory institutions extract data from a patient’s chart to help expedite clinical diagnosis and provide necessary care.
    • Explains that the electronic health system allows universal access to health records by all healthcare professionals providing care to a particular patient.
    • Explains that the federal government encourages healthcare providers and healthcare institutions to adopt meaningful use in order to receive incentives from medicare and medicaid.
    • Explains that as patient records grow digital, so does the concern of patient's privacy and security of their health records.
    • Explains friedman, parrish, and ross, d. a. (2013). electronic health records and us public health: current realities and future promise.
    921 words
    Read More
  • Confidentiality of Health Information
    explanatory essay
    In the modern era, the use of computer technology is very important. Back in the day people only used handwriting on the pieces of paper to save all documents, either in general documents or medical records. Now this medical field is using a computer to kept all medical records or other personnel info. Patient's records may be maintained on databases, so that quick searches can be made. But, even if the computer is very important, the facility must remain always in control all the information they store in a computer. This is because to avoid individuals who do not have a right to the patient's information.

    In this essay, the author

    • Explains the importance of computer technology in the medical field.
    • Cites the u.s. department of health and human services' office for civil rights' summary of the hipaa privacy rule.
    • Explains that the use of encryption is mandatory in the security rule.
    • Opines that when should the patient be notified of the existence of computerized databases containing medical information?
    • Describes the questions that should be answered when the computer service bureau destroys or erases records.
    • Explains that electronic health records are important because they protect both the patient and the physician.
    1649 words
    Read More
  • Privacy Rule In Health Administration
    explanatory essay
    HIPPA (Health Insurance Portability and Accountability Act) was put in place by the Federal Government for several reasons; better portability of health insurance for employees, to prevent fraud and abuse within the healthcare delivery system, and simplification of administrative functions associated with healthcare delivery (McGonigle & Mastrian, 2012). Due to sensitive healthcare information being shared federal regulations were also put into place, resulting in the “Privacy Rule” and “Security Rule”. The Privacy Rule limits the use and disclosure of patient information. The Security Rule protects the patients’ healthcare information from improper use or disclosure, to maintain information integrity, and ensure its availability (McGonigle & Mastrian, 2012). Both regulations apply to protected health information (PHI) which is any form of health information that can be used to identify an individual patient. Practitioners who refer to HIPPA are not referring to the act itself but the “Privacy Rule” and “Security Rule” (McGonigle & Mastrian, 2012). It is extremely important to understand these concepts as a student in the clinical setting and how each hospital enforces these concepts. Before starting at any clinical site there is an extensive orientation about HIPPA regarding what is appropriate and not appropriate when it comes to patient information and the repercussions of violating HIPPA. In this paper I will discuss Akron General’s rules and policies regarding their EHR, PHI, EPHI, and social media.

    In this essay, the author

    • Explains that hippa was put in place by the federal government for several reasons, including better portability of health insurance for employees, and to prevent fraud and abuse within the healthcare delivery system.
    • Explains that akron general medical center students are allowed access to their ehr, mckesson, but the importance of patient information and keeping it confidential is stressed in an eight-hour orientation.
    • Explains that akron general medical center is governed by the hippa privacy rule on how they can use and disclose confidential patient information.
    • Explains that akron general medical center has password protection on all access to ephi and protects portable devices from theft or loss. all usernames and passwords used by students and staff are considered their electronic signature.
    • Explains that students are strictly prohibited from posting or referencing patient information on social media sites. anyone that violates hipaa may be subject to fines and penalties, including jail time.
    • Opines that it is important to understand hipaa, the privacy rule, and security rule before entering any healthcare setting.
    829 words
    Read More
  • The Health Insurance Portability and Accountability Act of 1996
    opinion essay
    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) affects every aspect of health care from patient privacy to insurance coverage. The federal act was first passed in 1996, yet the first major rule did not go into effect until 2003, protecting patient privacy. HIPAA ultimately came into effect due to the issues regarding patient privacy, security and coverage. Another major concern for both health care workers and the public was the exchange of patient information from one facility to another. Until the relatively recent decision to enforce HIPAA, a patient’s medical record was primarily recorded and maintained on paper and stored in locked cabinets or drawers. Not only was this method inefficient, but patients were also starting to become increasingly concerned over the privacy of these documents.

    In this essay, the author

    • Explains that the health insurance portability and accountability act of 1996 (hipaa) affects every aspect of health care from patient privacy to insurance coverage.
    • Explains that congress called for a more standardized approach in regards to storing patient information. under hipaa, the standard system would increase flexibility when communicating between hospitals, clinics, and insurance companies.
    • Opines that hipaa's intent was to improve all aspects of health care, but there have been both advantages and disadvantages.
    • Explains that hipaa tightened the parameters surrounding patient privacy by enforcing electronic files that obtain and maintain patient information. however, time has proven that this is not always the case.
    • Explains that patients are able to learn the rules and regulations of hipaa to protect their privacy and their rights.
    • Recommends that healthcare-related facilities and companies adhere to risk assessments, security incident planning, employee training, and updating security and privacy policies and procedures.
    • Explains that nurses are an entity to hipaa because they can gain access to patient information. nurses can be terminated from their job for a violation and the healthcare provider may face jail time or fines up to $250,000.
    • Cites the department of health's hipaa: health insurance portability and accountability act.
    • Explains the hipaa portability training & certification program.
    1043 words
    Read More
  • The Technological Feasibility of HIPAA Requirements
    explanatory essay
    The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a law designed “to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.”1 HIPAA mandates that covered entities must employ technological means to ensure the privacy of sensitive information. This white paper intends to study the requirements put forth by HIPAA by examining what is technically necessary for them to be implemented, the technological feasibility of this, and what commercial, off-the-shelf systems are currently available to implement these requirements.

    In this essay, the author

    • Explains that the health insurance portability and accountability act of 1996, or hipaa, is a law designed to improve portability of health insurance coverage in the group and individual markets.
    • Explains that bill clinton signed hipaa into law on july 21, 1996. it was passed partly because of the failure of congress to pass comprehensive health insurance legislation earlier in the decade.
    • Describes administrative simplifications to increase the effectiveness of health care in the us.
    • Encourages administrative simplification (in the form of digitalization of information) to help reduce costs.
    • Explains that the privacy rule sets forth definitions for different types of information and allows certain things to be done with each of the types.
    • Explains that health information is considered de-identified when it does not identify an individual and the covered entity has no reasonable basis to believe that the information can be used to identify a person.
    • Explains that views allow users to examine only parts of tables instead of the whole thing. in order to guarantee that information was de-identified, the database designer (or maintainer) could create a view that would allow patients to see medical information stripped of 17 identifiers.
    • Explains that limited data sets are essentially a more informative, less restricted version of de-identified health information.
    • Explains that data can be released if it aides public health (e.g. statistics about a disease, de-identified patient data).
    • Explains that audit control systems require that accesses (reads and writes) to the database be logged with the information of who accessed what, when, and from where.
    • Explains that the most widely used technologies for hipaa include asps (application service providers) and vpns.
    • Opines that hipaa is a technologically feasible piece of legislation. although there are some shortcomings, products like ngscb and other programs that utilize more hardware-based cryptographic abilities will cause this domain to be ever more secure.
    • Explains that if two disks crash simultaneously in a block-interleaved distributed parity raid setup, data will most likely be lost.
    • Explains that even though hipaa was singed into law over seven years ago, its effects are mostly being felt now because of its schedule of compliance.
    • Explains that the delay stems from a provision in the original act stating that if congress did not specify certain regulations by the end of 1999, the department of health and human services had to write up the regulations and give companies the chance to implement them.
    • Explains that phi must be kept private unless patients sign detailed and specific patient authorizations that allow data to be used by other parties.
    • Defines iihi as any subset of health information, including demographic information collected from an individual, that identifies the individual or is cause for a reasonable basis to believe that the information could be used to identify individuals.
    • Explains geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code, and equivalent geocodes, except for the initial three digits of zip codes to 000; and all elements of dates for dates directly related to an individual.
    • Explains the attention to technological detail (e.g. ip addresses) that these criteria have. limited data sets can be enforced the exact same way as de-identified health information.
    • Opines that the bill provides federal protections for the privacy of protected health information and sets a lower bound on protection.
    • Explains that databases storing health information must have a data backup plan, disaster recovery plan and emergency mode operation plan. off-site backup/storage facilities are essential.
    • Explains that microsoft's next-generation secure computing base (ngscb), based on the trusted computing module, has many of the technological features that will help ensure technological security of information.
    • Explains that ngscb has a very good, built-in way of dealing with authentication: attestation. attestation uses hardware based encryption secrets as well as certain other attributes to determine if users are who they say they are.
    • Explains that a covered entity must limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.
    • Explains that the health care industry relies on asps to provide hipaa-compliant services. instead of licensing their software, they rent it out, and are responsible for upgrading and maintaining their systems.
    • Explains that vpns are private networks setup using the infrastructure of public networks. they are useful for helping with hipaa because they link covered entities with their asps.
    • Explains that the problem with the security of information stems from human errors, human oversight, and bad intentions. hipaa outlines procedures to minimize this problem through employee training and federal punishments.
    • Cites avi silberschatz, korth, henry, and sudarshan, s., database system concepts (4th edition) (new york: mcgraw-hill, 2002).
    3082 words
    Read More
  • HIPAA Compliance Essay
    opinion essay
    Our ultimate goal is to keep all clients safe from harm, by protecting their health and privacy to the best of our capability. Knowingly, there is no end to data breaching. Having the intense knowledge and understanding of how to minimize that affect will help save thousands of patients’ identities from disablement. Prevention is key. Professionals need to treat EHR as HIPAA i.e. tablets, laptops, cellphones used in healthcare settings continually locked when not in use. A healthcare professional must keep all of their passwords private from family, friends, and social media without exception. Nurses also need to change their password as often as viable and follow the recommended HIPAA law of practice. Using common sense and good judgment is important. Safe guarding passwords, being aware of your surroundings at all times and learning to correctly log in and out of all devices, is valuable in keeping all information stable as possible. Careless misuse of protecting information can cause risk of breaching. Healthcare workers must remain confidential and alert. Hackers remain a threat; however, professional workers can contribute to patients’ protection by daily practice of the right procedures to reduce data breaching. Nurses in today’s technological society must adhere to the policies and procedures to protect patient health records by providing quality care for patients. We stand on the fight

    In this essay, the author

    • Opines that the electronic healthcare records (ehr) should indisputably be secured. the risks of data breaching can happen due to careless acts and misuse of information.
    • Opines that being an advocate takes on high responsibilities in the environment we work in. until identity theft is no longer an issue, we must be vigilant and rely on our knowledge and intuition.
    448 words
    Read More
  • Hipaa Privacy Rule
    explanatory essay
    Today, you have more reason than ever to care about the privacy of your medical information. This information was once stored in locked file cabinets and on dusty shelves in the medical records department.

    In this essay, the author

    • Explains that congress addressed growing public concern about privacy and security of personal health data, and in 1996 passed the health insurance portability and accountability act.
    • Explains that access to your medical records was not guaranteed by federal law. only about half the states had laws giving patients the right to see and copy their own records.
    • Explains that how medical information is used and disclosed must now be given to you. the notice must also tell you how to exercise your rights and file a complaint.
    • Explains that you have the right to know who has accessed your health records for the prior six years. accounting is not required when records are disclosed to persons who see them for treatment, payment, and health care operations.
    • Explains that if they believe a health care provider or health plan has violated their privacy, they have the right to file complaints with dhhs.
    • Explains that you can make special requests specifying how you would like your doctor's office handle confidential communication. you can ask for calls to be made to your home rather than your office.
    • Explains that the hipaa privacy rule only applies to health care providers, health plans, and clearinghouses.
    • Describes the health insurance companies, health maintenance organizations, group health plans sponsored by your employer, and medicare/medicaid.
    • Describes a billing service that takes information from doctors and puts it into standard coded format.
    • Explains that hipaa covers information related to your past, present or future mental or physical health including information about payment for your care.
    • Explains that hipaa uses a "minimum necessary standard" to limit amount of disclosed information. the minimum necessary rule does not apply to information disclosed in connection with treatment.
    • Opines that hipaa requires safeguards to limit the number of people who have access to personal information, but there is no way to count how many people may come across your records.
    • Explains that an employer conducts workplace medical surveillance or evaluates whether you have a work-related illness or injury.
    • Describes the requirements of the u.s. department of state to verify health fitness of employees and their families for foreign duty.
    • Explains that disclosure involves psychotherapy notes (exceptions - if the notes are used for training staff or to defend the doctor or health plan in court).
    • Explains that treatment or health care coverage cannot be denied because you don't sign an authorization.
    • Explains that today's electronic medical records software makes it possible for confidential medical information to be seen by strangers in health care, insurance, and medical organizations.
    • Explains that healthcare businesses must comply with certain administrative requirements including staff training and appointment of a privacy officer.
    • Explains that your private health information may be disclosed to pharmaceutical companies or businesses looking to recall, repair or replace a product or medication. you have no right to sue under hipaa for violations of your privacy.
    • Explains that the exceptions do place conditions on the entity who makes the decision to disclose your "protected health information".
    • Advises that health care providers should keep information left on patients' voice mail systems to a minimum.
    • Explains that pharmacists can talk to you over the counter about your medication, but must take care that others near you do not hear the conversation.
    • Recommends educating yourself about the privacy practices of your health care provider and health plan.
    1950 words
    Read More
  • Electronic Medical Records In Health Care
    opinion essay
    Electronic medical records are a comprehensive development to the health care policy but do demand to be enhanced considerably. EMR’s claim they require exclusive access to be opened but are still accessible and utilized on the hospital Wi-Fi. Today, most hospitals will have their Wi-Fi available to all guests. This makes it easier for a patient’s information to be breached, even if it is on the EMR. Another component that could be improved, is the capability to transfer with the patient. Currently, if the patient leaves providers, their account does not move with them. While this is available on a different electronic record, it is not available on the EMR specifically (Health IT,

    In this essay, the author

    • Opines that electronic medical records are a comprehensive development to the health care policy but do demand to be enhanced considerably.
    114 words
    Read More
  • Confidentiality And Patient Privacy
    opinion essay
    Medical records and their contents have been an important issue concerning privacy for physicians and their patients. A health care reform bill which passed legislation in 1996 is known as the Health Insurance Portability and Accountability Act (HIPAA) had a new rule put into place in 2000, which requires health care physicians and insurance providers to put into place new procedures that would guard patient health information ("Patient Privacy and Confidentiality", 2013).

    In this essay, the author

    • Explains that medical records and their contents have been an important issue concerning privacy for physicians and patients. a health care reform bill passed legislation in 1996 is known as the health insurance portability and accountability act (hipaa).
    • Opines that health care services are beginning to realize that they have a lot of work to do to be in compliance with the current health laws on the state and federal level guidelines.
    • Argues that confidentiality is not a right and has to be stable against counter claims. completeness of health information hurts and unfinished information is usually not worth the cost of collections.
    • Explains that health care ethics, organizational ethics and legal issues have become increasingly familiar phases in our current healthcare system.
    • Opines that the discharge of patient's personal health information outside the extent of what is essential does carriers penalties of personal and business accountability.
    • Opines that a good ethical break down and answer is reliant upon good problem solving and the collecting of facts.
    • Opines that any administrator in the health care field must always be aware of any problem that has happened and be able to foresee any problems that might arise. they must work with staff and keep them up to date with any changes to the way in which they handle patient information.
    949 words
    Read More
Get Access