What are the privacy and security risks of electronic v. paper health records?
Paper Records
For paper records, the risk materializes in the form of gaining access to record
storage areas; finding records left on counters, exam rooms or copy machines;
receiving misdirected fax copies; and other similar events. Inappropriate
access can be accidental or intentional. Since access to paper records implies
physical access, securing against inappropriate access is accomplished by
segregating records into separate locked storage areas; restricting physical
access to storage areas; recording sign in and sign out procedures; and
maintaining records handling training and other similar procedures.
Electronic Records
With electronic records, inappropriate access manifests itself in one of two
ways: 1) an unauthorized user gains access to the EHR data; or 2) an
authorized user violates the appropriate use conditions. For example, if office
staff access the records of a friend or colleague that visited the practice.
Electronic records can be subject to 'serendipitous' access in situations such
as when a user account is left open or a passerby is able to view data on the
screen or manipulate the EHR features. Electronic records can also be subject
to breaches of network security that may allow a hacker to gain access to user
credentials and thereby to bypass the access control protections.
2. The Risk of Record Tampering
Medical records can be altered in a number of ways, including back dating,
fraudulent entries, erasures, or other modifications.
Paper Records
Anyone who has access to the paper record can remove pages, add entries,
erase or otherwise tamper with authentic entries.
http://www.hrsa.gov/healthit/toolbox/HealthITAdoptiontoolbox/PrivacyandSecurity/securityrisks.html (2 of 5) [10/21/2011 11:49:51 AM]