| The most revolutionary idea in the medical record | | | | In a situation where the disclosure of PHI is |
| keeping practice is the introduction of electronic | | | | required the minimum possible exposure has to be |
| medical records technology. Earlier, before the | | | | considered. The privacy rule under HIPAA also |
| introduction of electronic medical records system, | | | | needs the concerned entity to make the |
| the records of the patients like their personal | | | | communication confidential as per the requirement |
| details, reports, x-ray reports, scan reports and | | | | of the individual. All the paper and electronic |
| other billing related information were kept and | | | | medical records used should be notified to the |
| stored manually. Usually record books and files | | | | individual as per the use. And if any one feels that |
| were used for the same purpose, which in turn | | | | his personal confidentiality under the Privacy Law |
| made it impossible to access at the time of | | | | has been breached he can file a complaint against |
| immense requirement due to its space consuming | | | | the concerned entity with the Department of |
| nature. Apart from that due to the lack of proper | | | | Health & Human Services Office for Civil |
| privacy law the data with record keeper most | | | | Rights. |
| often landed in the hand of an ancillary medical | | | | HIPAA under its Title II (two) covers the security |
| service provider, who in turn used these data to | | | | rule also. The security rule deals specifically with |
| sell his goods and services. Same type of | | | | the electronic medical records systems. The rule |
| discrepancy was also found in case of electronic | | | | of security was finally issued on 20th Feb, 2003 |
| medical records of that time as well. A proper law | | | | which came to effect on 21st April, 2003. The |
| in this accord was the need of the hour; | | | | compliance of this security law which started |
| otherwise the practice of medical record keeping | | | | from 21st April, 2005 required three types of |
| would curve to a very bad state of distrust. | | | | security safeguards. These are Administrative, |
| Finally the HIPA Act was introduced. The Privacy | | | | Physical and Technical. For each of the type the |
| Rule and the Final Rule on Security Standards | | | | Security Law lays different standards. The |
| under HIPAA saved the practice of medical | | | | administrative safeguards are specifically designed |
| record keeping from this evil. | | | | policies and procedures to show the compliance of |
| HIPAA or Health Insurance Portability and | | | | the concerned entity with the act. The physical |
| Accountability Act regulate the issue of privacy | | | | safeguards are designed to protect the |
| related to medical records in US. Health Insurance | | | | unauthorized inappropriate physical access to the |
| Portability and Accountability Act was introduced | | | | data that is protected, mostly the electronic |
| in the year 1996 by the US Congress. The | | | | medical records. The technical safeguards are |
| Privacy Rule was introduced in the year 2003 | | | | designed to work along the electronic transmission |
| under Title II (two) of HIPAA. This act regulates | | | | over network by the concerned entity so as to |
| the privacy issue related to the PHI. PHI or | | | | safeguard the access to the computer systems |
| Protected Health Information is any piece of | | | | containing the electronic medical records. |
| information regarding the health status, personal | | | | Apart from these concerns, HIPAA also covers |
| detail, reports, x-ray reports, billing information of | | | | the whole medical and health related security |
| the respective individual. This privacy rule says | | | | issues with its other latest acts like the HITECH |
| that the covered entities must give the PHI upon | | | | Act in 2009. HITECH stands for Health |
| request of the concerned individual within a time | | | | Information Technology for Economic and Clinical |
| frame of one month or 30 days. The PHI of the | | | | Health Act. |
| individual can be used only after his authorization. | | | | |