Nitin Chhoda differentiates between the terms ‘medical records’, ‘health record’ and ‘health information’. The importance of HIPAA laws to protect patient privacy, and how this relates to EMR security is also discussed.
With the advent of electronic medical record, a specialized vocabulary has arisen and it’s confusing to many. The terms are often lumped and used to indicate the same type of document.
While one type can encompass information contained in another, they’re distinctly different.
Therapists would do well to differentiate the three, as one contains sensitive information that can create a breach of privacy and security.
Medical Record, Health Record and Health Information
A patient’s medical record includes a wide variety of information that’s been compiled over an extended period of time by multiple healthcare professionals. It includes prescriptions, therapies, x-rays and tests, along with illnesses, surgeries and notes from any number of healthcare providers.
In contrast, a health record compared to medical record is compiled and maintained by a single healthcare provider. A health record is a comprehensive document that details the treatments provided by a single healthcare professional and are kept by the individual therapist.
Health information is personally identifiable data that’s protected by law to ensure privacy. In 1996, the Health Insurance Portability and Accountability Act (HIPAA) set forth national standards for healthcare providers and institutions of all types for the collection, handling and maintenance of client health information.
HIPAA limits the types of medical record information that can be collected, the way it can be shared, and with whom. There are also restrictions on how much client’s medical record data therapists can use in their marketing endeavors.
Patients must be provided with a copy of their own medical records when they request them in writing. HIPAA also makes provisions for the sharing of client data or medical record among healthcare providers to coordinate care. Generally, client information can’t be sold.
Exceptions for the dissemination of medical record data are made when the data is used for research, public health reasons, or in the event of a company merger. It’s also permissible if the president declares a disaster or emergency, or if a public health emergency is declared by the Secretary of Health and Human Services.
With the transition to electronic medical records, patients and many clinicians have expressed trepidation about the ability to maintain sufficient confidentiality and privacy of healthcare and medical record.
Those doubts and misgivings have prevented healthcare facilities and professionals in all fields to delay the transition to an EMR.
With the deadline of 2014 looming large on the horizon for EMR implementation, the question has been taken out of the hands of therapists. The question facing professionals now is which EMR they should choose.
Security is a primary consideration. Previous generations of providers could simply secure patient information within the office under lock and key. Electronic records require more stringent methods of protection to ensure individual health information and medical record isn’t leaked, stolen or hacked.
Therapists can opt for an on-site server-based system or a web-based solution. Those who select a server-based system are responsible for maintaining a sufficient level of security. With a web-based system provided by a vendor, HIPAA-compliant security is handled by the EMR provider.
Records management and the steps necessary to keep sensitive information secure will play an increasing role in the everyday operation of physical therapy practices for years to come. It’s imperative for therapists to understand the importance of securing medical information and the difference between medical records, health records and health information to avoid the inadvertent release of sensitive and protected data.