Maintenance of Medical Records

Maintenance of Medical Records

Patients have a fundamental right to privacy and for physicians and staff to respect their confidentiality (American Medical Association, n.d.). The maintenance of medical records is an important part of providing lifelong, quality care, but breaches of confidentiality can happen when these records fall into the wrong hands, whether intentionally or unintentionally. While this has always been true, the risk of such a breach occurring has been greatly elevated with use of electronic health records (Balestra, 2017).

The use of medical scribes is one gray area regarding non-clinical staff encountering health information. On one hand, the use of the scribes can free up time for providers to engage with patients face-to-face; this is valuable in a time when providers spend more time documenting in the EHR than in patient-facing care (Balestra, 2017). However, scribes (non-clinical staff) are then allowed access to otherwise confidential health information. This might disrupt the provider-patient dynamic;  it’s possible that patients might not fully disclose helpful information in the presence of a third party. As a result, their treatment may suffer (Sulmasy et al., 2017).

Health information should be accessed on a need-to-know basis. As such, there should be few circumstances that warrant non-clinical healthcare staff to have permission to view this information. In the situations where this is warranted, access should be limited to only that information which is needed to complete the task. For example, personnel in the billing department might have access to diagnostic codes, but not narrative notes. It is recommended that clinics define and standardize their workflow prior to selecting and implementing an EHR (Ozair et al., 2015). In doing so, access to necessary parts of the EHR (and those parts only) can be built into the interface for each user depending on their role. In order to protect patient confidentiality, health IT systems should be designed with security as a top priority. Firewalls, data encryption, and two-factor authentication should be used ubiquitously.There should be a clear cut policy delineating the expectations for accessing health information and consequences for users who violate these expectations. Health IT systems should include a mechanism for auditing use. Ideally, the auditor would be able to ascertain who accessed what part of the EHR, when, for how long, and for what purpose.

References:

American Medical Association. (n.d.). Code of Medical Ethics Opinion 1.1.3. Retrieved from: https://www.ama-assn.org/delivering-care/ethics/patient-rights#:~:text=To%20courtesy%2C%20respect%2C%20dignity%2C,and%20costs%20of%20forgoing%20treatment .

Balestra, M. L. (2017). Electronic Health Records: Patient Care and Ethical and Legal Implications for Nurse Practitioners. The Journal for Nurse Practitioners, 13(2), 105–111.  https://doi.org/10.1016/j.nurpra.2016.09.010

Ozair, F.F., Jamshed, N., Sharma, A., & Aggarwal, P. (2015). Ethical issues in electronic health records: A general overview. Perspectives in Clinical Research, 6(2), 73-76.DOI: 10.4103/2229-3485.153997

Sulmasy, L. S., López, A. M., & Horwitch, C. A. (2017). Ethical implications of the electronic health record: In the service of the patient. Journal of General Internal Medicine, 32(8), 935–939.  https://doi.org/10.1007/s11606-017-4030-1