September 2016

How HIPAA Affects the EMR

As part of Obamacare, healthcare organizations were required to implement an electronic medical record (EMR). One main concern for healthcare providers and patients is the potential violation of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA requires the Secretary of the US Department of Health and Human Services (HHS) to regulate and protect the privacy of all American patients. Additionally, HIPAA regulations incorporate technical and non-technical safeguards that cover the use of the EMR. More and more physicians are using the EMR for ordering labs and pharmaceutical drugs, and for all of their patient note taking. These new uses are making healthcare access mobile and adding related risks. Under the HIPAA Security Rule, patients' private health information is protected while healthcare providers are allowed to adopt new technologies to improve patient care. Physicians, nurses, and medical students use the EMR in various rooms of a clinic or a hospital, looking at the same patient, which creates the potential for patients' privacy rights to be ignored.

The security of electronic protected health information (e-PHI) and its electronic exchange are specifications of the Administrative Simplification of HIPAA. These rules extend to health plans, insurance, and the transaction of medical records. Under the e-PHI rules, covered entities are required to:

  • Ensure confidentiality
  • Ensure integrity
  • Ensure accessibility of all e-PHI
    • The medical records of patients that are created, received, maintained, or transmitted.
  • Identify potential threats to security
  • Protect patients against potential threats to their security
  • Inform patients on the potential uses or misuses of the medical records
  • Ensure compliance in the workplace as defined by the government regulations.

Confidentiality is the foundation of all medical practices and should be upheld with integrity in all medical practices. Improper use or disclosure of medical records is a violation of HIPAA and of healthcare in the United States. Nonetheless, the consequences should not outweigh the benefits of the EMR in healthcare. Each healthcare organization that implements the EMR should take its practice's size, complexity, and capability into account while making its decision. The technical portion should also not be overlooked, so the chosen software must be compatible with the organization's limitations of use.

When an organization chooses to implement a form of EMR, it should also be educated on the costs, infrastructure, and time it takes for successful execution. Most importantly, the EMR must be flexible enough to accommodate changes in patient load and must also be user-friendly. Maintenance of the EMR is another significant component of implementation. When the EMR is not working, the patients' charts may be inaccessible, and to account for this the healthcare organization should have a back-up system or the capacity to also keep paper charts. In these scenarios, it is imperative that there be a staff member who has an exemplary background in both the information technology (IT) component and the non-IT component of medical records. Hence, administrative responsibilities will expand beyond quality care. Managerial positions have now expanded to healthcare providers as much as to those who held the title alone. Patient medical records are the essential part of medicine that correlates to the aptitude of the medical care professional and the organization itself. Efforts to avoid violating any patient privacy laws outlined by HIPAA, while also ensuring the EMR is properly used, are directly related to the further development of healthcare IT.
