Who Has Access
All medical records, whether they are stored electronically or in paper files, are protected under the same laws. The Health Insurance Portability and Accountability Act (HIPAA) establishes rules to limit who can access and view a patient’s private health information.
Electronic health records do not make any extra allowances for access. In fact, they include an added layer of security, far exceeding that of paper records, by recording a history of all those who have previously viewed the information. Also, by law, medical info that is stored electronically is required to be encrypted.
Those granted access to records include only those directly involved in the treatment and care coordination of a particular patient, the patient him or herself, and any family member for whom that patient has granted consent. A patient has the right to grant or revoke consent to any new physician he or she may visit.
Health information can also be used to monitor public health, for instance in the case of tracking and reporting a flu epidemic and its demographics, or if injuries are sustained through violence and need to be reported to the police. Certain types of access to health information require specific consent from the patient. These include access by employers, or access related to advertising and marketing.