With the rapid foreseeable growth in the adoption of electronic medical records (EMR), health care providers need to be aware of the strict limits under new regulations being implemented to protect medical records.
Put procedures in place – and stick to them.
Providers need to establish detailed procedures to account for medical records. On a patient’s request, the provider must provide an accounting of all health care- and payment-related disclosures of the information for the prior three years.
Obey additional limits on non-health care-related disclosures.
The sale of health information without patient authorization will be prohibited. Many communications that market products or services to individuals will no longer be permissible disclosures. Also, providers must honor patients’ requests to not disclose information to an insurance health plan for payment or health care operations, if the provider has already been paid in full by the patient for the services in question.
Protect yourself with an array of internal safeguards.
Providers must adopt additional safeguards, including:
1. designating a security official;
2. providing employees with appropriate access and training;
3. limiting physical access to EMR systems’ hardware;
4. limiting the people and software that can access electronic health records;
5. putting in place automated audit logs to record EMR access activity; and
6. protecting electronic health records from improper destruction or unauthorized access.
For additional information on EMR or other technology issues, please contact firstname.lastname@example.org.« Back to news