Electronic health record confidentiality

From Wikipedia, the free encyclopedia

Electronic health record systems are being widely adopted in healthcare. Manual processes are being automated, and patient and health records are now recorded electronically. An important aspect of any health record system is ensuring the confidentiality of patient information, because of its importance in the medical field.

Definition of electronic health record

In recent times, the health information of individual patients and of populations has been recorded in electronically accessible files known as electronic health records (EHR). These are digital records which can be easily transferred across the internet.[1] An electronic health record contains a multitude of information, including billing information, the patient's weight, age, vital signs, radiology images, laboratory test results, immunization status, allergies, medication, medical history and demographics.

Purpose and use

Whether in paper or electronic form, a medical health record is a communication tool that supports clinical decision-making, the design of regulatory processes, accreditation, education, legal protection, research, service coordination and evaluation of the efficacy and quality of the healthcare provided.[2]

Personally Controlled Electronic Health Records Act

To ensure the safe and secure use of electronic health records, the Australian government introduced the Personally Controlled Electronic Health Records Act in 2012. The act sets out the rights of patients, the information protection steps that medical staff and organizations are obliged to take, and the registration steps for using a patient's Personally Controlled Electronic Health Record.[3]

Protecting electronic health records

Since electronic health records have more of a virtual existence than a physical one, protecting them requires appropriate technological tools and techniques. The following measures for protecting electronic health records are worth highlighting.

Preventing breaches of confidentiality requires that access to the patient's healthcare information be limited to authorized users. To achieve this, the following steps could be taken:

  • Installation of protective layer software or authorization management software.
  • Provision of usernames and passwords that give each user access according to their individual needs.
  • Execution of security protocols and password protection measures, including:
    • Changing passwords at periodic intervals.
    • Setting rules for the minimum number of characters in passwords.
    • Barring the re-use of passwords.
  • Installation of second-tier verification systems such as face recognition or biometric identifier scans, including retina, finger or palm scanning.[4]

Integrity and security, and consequences of information leakage

Data theft and alteration have been a major problem in recent times. Moreover, as far as patient health records are concerned, there are always potential threats of information leakage, data hacking, information destruction, manipulation or even blackmailing of patients by external or internal users. Since the consequences of information leaks are comparatively high in contrast to information alterations, one possible way to know who has used the information is to audit information trails.[5] Audit trails refer to keeping information about who has recently used or accessed patient records. Through the use of audit trails and the above-mentioned security steps, electronic health records could most probably be made the best way of collecting, storing, retaining and using patient health information.
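
The sketch below is an added example, not part of the original article: it combines access granted according to each user's needs (from the list above) with an audit trail of who accessed a patient record. The role names, record sections, user names and patient identifier are constructed for illustration, and the hash chaining of entries is an assumption that goes beyond the text, added so that an altered entry can be detected.

```python
import hashlib
import json

# Constructed sample policy: the record sections each role needs (assumption).
ROLE_SECTIONS = {
    "physician": {"medications", "lab_results", "medical_history"},
    "billing_clerk": {"billing"},
}

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditTrail:
    """Append-only log of record accesses; each entry hashes the one before it."""

    def __init__(self):
        self.entries = []

    def record(self, ts, user, role, patient_id, section, allowed):
        prev = self.entries[-1]["digest"] if self.entries else "0" * 64
        body = {"ts": ts, "user": user, "role": role, "patient": patient_id,
                "section": section, "allowed": allowed, "prev": prev}
        self.entries.append({**body, "digest": _digest(body)})

    def verify(self):
        """Return the index of the first altered entry, or -1 if the chain is intact."""
        prev = "0" * 64
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "digest"}
            if entry["prev"] != prev or _digest(body) != entry["digest"]:
                return i
            prev = entry["digest"]
        return -1

    def who_accessed(self, patient_id):
        """Users whose access to this patient's record was granted, in order."""
        return [e["user"] for e in self.entries
                if e["patient"] == patient_id and e["allowed"]]

def read_section(trail, ts, user, role, patient_id, section):
    """Allow only sections the role needs; log every attempt, granted or denied."""
    allowed = section in ROLE_SECTIONS.get(role, set())
    trail.record(ts, user, role, patient_id, section, allowed)
    return allowed
```

A hash chain only detects edits if the latest digest is also kept somewhere the person writing the log cannot overwrite.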


  1. Herman, C. (2004). Nursing BC/Registered Nurses Association of British Columbia, 36(5), 25. Retrieved from http://www.commonwealthfund.org/~/media/Files/Publications/Issue%20Brief/2012/Jul
  2. Given, LM (ed.) 2008, The SAGE encyclopaedia of qualitative research methods, SAGE Publications, Inc., Thousand Oaks, CA, viewed 1 June 2013, doi:10.4135/9781412963909
  3. Australian Government Law. (2012). "Personally Controlled Electronic Health Records Act 2012". N.p. Retrieved from http://www.comlaw.gov.au/Details/C2012A00063
  4. Internet protection tips. (1996). Credit World, 85(1), 29-29. Retrieved from http://search.proquest.com/docview/220748487
  5. Harman, L. & Bond, K. (2012). "Electronic Health Records: Privacy, Confidentiality and Security". N.p. Retrieved from http://virtualmentor.ama-assn.org/2012/09/stas1-1209.html