Keeping ePHI Protected in an Age of Patient Access
Understanding the nuances of HIPAA regulations is particularly difficult now that technology affects all corners of healthcare: from telemedicine to remote patient monitoring to consumer glucose monitors to smartphones with thousands of health apps. Providers simply don’t understand the ramifications of HIPAA and other health IT laws — and where to draw the line with access.
According to an article in HealthTech Magazine, healthcare providers have traditionally been held responsible for all aspects of privacy and security of patient data because they created and controlled it. But boundaries shifted once electronic medical records came into play. The roles surrounding data privacy and ownership are now blurred.
One of the main challenges that comes with this change in ownership involves the use of smartphones by patients — in particular, patients using those devices to capture elements of their own medical data.
While there is some hesitation around protecting ePHI, HIPAA is clear: Patients have the right to their own medical data in any form or format. Although the provider traditionally owns the systems that record and manage that data, they don’t own the data itself. A patient can use technology (including a smartphone) to copy that data, even if it’s on a computer screen in a physician’s office.
Patients must understand that once they are in possession of that data, whether it’s a photocopy, electronic copy or photograph, they are solely responsible for the privacy and security of that data. Even so, providers are concerned they will be held accountable for the privacy and security of patient data they no longer control. Some providers will ask for a signed release, but that is not specifically required.
However, studies show that engaged and informed patients have better outcomes. Providing access to medical records through viable technologies, including web portals, apps or even smartphone cameras, is the new reality of care. Patients are now included as part of the care team and are responsible for the privacy and security of the data they handle — their own. The next step may be helping patients understand the importance of protecting that health data.
For guidance on protocols to protect your patients' ePHI, contact HIPAAcraticRx today.