More Efficient Care. Doctors using EHRs may find it easier or faster to track your lab results and
share progress with you. If your doctors’ systems can share information, one doctor can see test
results from another doctor, so the test doesn’t always have to be repeated. Especially with x-rays
and certain lab tests, this means you are at less risk from radiation and other side effects. When
tests are not repeated unnecessarily, it also means you pay less for your health care in copay-
ments and deductibles.
More Convenient Care. EHRs can alert providers to contact you when it is time for certain
screening tests. When doctors, pharmacies, labs, and other members of your health care team
are able to share information, you may no longer have to fill out all the same forms over and
over again, wait for paper records to be passed from one doctor to the other, or carry those
records yourself.
•
•
Privacy, Security, and Electronic Health Records
2
Keeping Your Electronic Health Information Secure
Most of us feel that our health information is private and should be protected. The federal government
put in place the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to
ensure you have rights over your own health information, no matter what form it is in. The government
also created the HIPAA Security Rule to require specific protections to safeguard your electronic health
information. A few possible measures that can be built in to EHR systems may include:
“Access control” tools like passwords and PIN numbers, to help limit access to your information
to authorized individuals.
“Encrypting” your stored information. That means your health information cannot be read or un-
derstood except by those using a system that can “decrypt” it with a “key.”
An “audit trail” feature, which records who accessed your information, what changes were made
and when.
•
•
•
Finally, federal law requires doctors, hospitals, and other health care providers to notify you of a
“breach.” The law also requires the health care provider to notify the Secretary of Health and Human
Services. If a breach affects more than 500 residents of a state or jurisdiction, the health care provider
must also notify prominent media outlets serving the state or jurisdiction. This requirement helps
patients know if something has gone wrong with the protection of their information and helps keep
providers accountable for EHR protection.
To learn more, visit www.hhs.gov/ocr/privacy/.
For more information, visit www.hhs.gov/ocr.
U.S. Department of Health & Human Services
Office for Civil Rights