our health records are arguably one of the most private documents about yourself. They contain not only your general information such as name, date of birth, address, etc. But they also contain almost every detail about your health such as the diagnoses you have received, procedures you have undergone, and all the medications you take.
When you go to the doctor or any other health care provider, your medical history will be recorded and kept in a computer and sometimes paper file so the doctor can keep track of any of your symptoms and past conditions.
Over the last few decades, efforts have been made in the medical community to have become a community standard because they are more secure, the streamline the process of getting and reviewing your health information from one provider to the other, and they have the potential to avoid redundant medical tests and incorrect diagnoses by keeping up-to-date and accurate information readily available for providers.
The implementation of electronic medical records also brought a wave of concern regarding how the electronic medical records were going to protect the patient and keep their information confidential and secure at all times.
In 1996 the United States congress enacted Health Insurance Portability and Accountability Act (HIPAA), that among other things, mandates any person, agency or entity on the medical industry that handles your personal health information to keep it secure and confidential.
External link: What Is HIPAA?
Through 18 identifiers, HIPAA lists what kind of information is legally considered personally identifiable information. Any health-related information including diagnoses, lab results, treatment plans, etc. that contain any of the 18 HIPAA identifiers is considered protected health information (PHI) and must be handled according to the law.
These 18 identifiers are:
HIPAA also applies to clinical research; clinical trials or any other kind of research studies that handle either directly or indirectly any PHI, must take special data safety precautions when handling this information. Data for publication, reporting, or correspondence must be made completely unidentifiable prior to release.
In the United States, different states have different laws regarding the extent of the access and ownership each patient has over his or her medical records. In 49 states except New Hampshire, the patient cannot claim legal rights over their medical record, and must follow different rules to obtain them.
Some doctor offices upload patient’s medical records to a secure web portal where the patient can access his or her record. However, doctors are not obligated to do this nor to disclose the entirety of the patient’s record.
However, with the exception of psychiatry and psychotherapy notes, which you don’t have the right to access, in all states youhave the right to request a copy of your medical records and they must be provided to you. Also, providers also must ask your explicit permission before sending your records to another medical provider or third party.
External link: Your Medical Records
Though the privacy rules under HIPAA were implemented to keep your medical and personal information confidential and secure, only healthcare providers and third parties doing business with them are mandated to follow HIPAA rules.
This means that if you request your health information and want to keep it for your own personal records, you should be very mindful of how and where you will be storing it to keep it private and secure at all times.
Here are some tips on how to keep your health records secure: