Confidential medical information should be entered into the computer-based patient record only by authorized personnel.
Additions to the record should be time and date stamped, and the person making the additions should be identified in the record.
2. When should the patient be advised of the existence of computerized databases containing medical information about the patient?
The patient and physician should be advised about the existence of computerized databases in which medical information concerning the patient is stored. Such information should be communicated to the physician and patient prior to the physician’s release of the medical information to the entity or entities maintaining the computer databases. All individuals and organizations with some form of access to the computerized databases, and the level of access permitted, should be specifically identified in advance. Full disclosure of this information to the patient is necessary in obtaining informed consent to treatment. Patient data should be assigned a security level appropriate for the data’s degree of sensitivity, and that level should be used to control who has access to the information.
3. When should the patient be notified of purging of archaic or inaccurate information?
Procedures for purging the computerized database of archaic or inaccurate data should be established, and the patient and physician should be notified before and after the data has been purged. There should be no mixing of a physician’s computerized patient records with those of other computer service bureau clients. In addition, procedures should be developed to protect against inadvertent mixing of individual reports or segments thereof.
The physician and patient should be notified of the distribution of all reports reflecting identifiable patient data prior to distribution of the reports by the computer facility. There should be approval by the patient and