HIPAA and Electronic Medical Records

Chandan Kumar
October 31, 2012

The most revolutionary idea in medical record keeping is the introduction of electronic medical records technology. Before electronic medical records systems, patient records such as personal details, reports, x-ray reports, scan reports and billing-related information were kept and stored manually. Record books and files were usually used for this purpose, and because they took up so much space, the records were impossible to access when they were urgently needed. In addition, because there was no proper privacy law, the data held by the record keeper most often landed in the hands of an ancillary medical service provider, who in turn used it to sell goods and services. The same problem was found with the electronic medical records of that time. A proper law on this matter was the need of the hour; otherwise the practice of medical record keeping would have sunk into a very bad state of distrust. Finally, HIPAA was introduced. The Privacy Rule and the Final Rule on Security Standards under HIPAA saved the practice of medical record keeping from this evil.

HIPAA, the Health Insurance Portability and Accountability Act, regulates the privacy of medical records in the US. It was introduced in the year 1996 by the US Congress. The Privacy Rule was introduced in the year 2003 under Title II of HIPAA. It regulates privacy issues related to PHI. PHI, or Protected Health Information, is any piece of information regarding the health status, personal details, reports, x-ray reports or billing information of the respective individual. The Privacy Rule says that covered entities must give the PHI to the concerned individual upon request within a time frame of one month or 30 days. The PHI of an individual can be used only after his authorization. Where disclosure of PHI is required, the minimum possible exposure has to be considered. The Privacy Rule also requires the concerned entity to keep communication confidential as the individual requires. The individual should be notified of the uses made of all paper and electronic medical records. And if anyone feels that his personal confidentiality under the Privacy Law has been breached, he can file a complaint against the concerned entity with the Department of Health & Human Services Office for Civil Rights.

Title II of HIPAA also covers the Security Rule, which deals specifically with electronic medical records systems. The Security Rule was finally issued on 20th Feb, 2003 and came into effect on 21st April, 2003. Compliance with this rule, which started from 21st April, 2005, required three types of security safeguards: Administrative, Physical and Technical. For each type the Security Rule lays down different standards. The administrative safeguards are specifically designed policies and procedures to show the compliance of the concerned entity with the act. The physical safeguards are designed to protect against unauthorized or inappropriate physical access to the protected data, mostly the electronic medical records. The technical safeguards are designed to work alongside electronic transmission over the network by the concerned entity so as to safeguard access to the computer systems containing the electronic medical records.

Apart from these concerns, HIPAA also covers medical and health-related security issues as a whole through later acts such as the HITECH Act in 2009. HITECH stands for Health Information Technology for Economic and Clinical Health Act.




