When you last visited your health care provider you probably noticed that hey entered your information into a computer as you were answering their questions. When medical notes are entered into an electronic data base it is considered to be an electronic health record (EHR). This makes medical information much more accessible and it makes it easier for this information to be communicated between interested and involved parties. However, it can also raise quite a few questions regarding how private and secure your health information is. Who can access EHR? How is it protected from loss, hacking or theft? What am I supposed to do if I feel like my information has become compromised?

HIPAA Security Rule

The HIPAA Security Rule is designed specifically to protect health information stored in an EHR. According to the Security Rule health care providers must set up safeguards designed to protect electronically stored health information. This can include safety measures such as:

  • Various “access controls” like PIN numbers or passwords
  • Encrypting stored information
  • Audit trails which indicate who accessed information and what types of changes might have been made

If your information has been seen by a person who was not authorized to see it, the federal laws states that health care providers have to notify you of the breach. This keeps providers accountable and informs patients if something went wrong.

What Kind of Rights Does HIPAA Provide

The HIPAA Privacy Rules gives you certain rights regarding your own health information. No matter what method is used to store your health information, including electronically, you have certain rights such as:

  • Obtaining or seeing a copy of medical records
  • Requesting correction to any mistakes
  • Being notified to how your health information is shared or used
  • Stating how and where you desire to be contacted by a health care provider
  • Filing a complaint if you feel your rights have been violated

These rights pertain to health records which are stored electronically or otherwise. Typically patients receive notice of these rights when they visit their health professional