Protecting the privacy of our patients’ medical information is a legal and professional mandate for our clinicians.
In our digital world, protecting the privacy of patients’ medical records is increasingly difficult and requires more attention and diligence than ever before. To that end, Main Line Health acquired software called FairWarning to audit Main Line Health’s electronic medical record for potentially inappropriate access to our patients’ medical records. In accordance with regulatory requirements (HIPAA) and Main Line Health policy, let me underscore what constitutes appropriate access:
- With limited exceptions for administrative, payment, peer review and quality review reasons, access of any medical record is for patient care only, and only for clinicians with a direct role in the care of the patient.
- Limit your personal use of the electronic medical record to the delivery of patient care, and like any other patient, use the patient portal for read-only access to your medical record.
- Self review of your medical record is permissible but not recommended, since it is a read/write environment and will be monitored for any inappropriate modification of the medical record. Self review is not, however, permitted for Psychiatric and Drug and Alcohol treatment records, which may be released to you only with your signed authorization and in accordance with applicable regulations.
- Written permission is required to access the medical record of family members, friends, coworkers or others who you are not directly treating. Verbal consent without written documentation is not consistent with MLH policy.
- In an accompanying column, Steve Gamburg offers greater detail regarding the significance of thoroughly understanding the nuances of HIPAA.
In an interesting paradox, that need to protect the privacy of medical information is coupled with increased patients’ demand for easy, real-time electronic access to their medical records. Indeed, there is evolving evidence in the literature that giving patients open access to their medical record increases patient engagement and improves patient safety and clinical outcomes, without the negative impact so many physicians worry about.
One of the many reasons Epic was selected as our next electronic medical record was its robust patient portal called MyChart. We will be encouraging all patients to have read-only access to their own medical record through the patient portal. Please encourage your patients to access their medical record through portals as one method to be actively engaged in their care.
Thank you for what you do every day to care for our patients’ health and to safeguard the personal and sensitive information of the entire Main Line Health community.
Andy Norton, MD, is chief medical officer at Main Line Health.