Your Legal Rights to Electronic Medical Records Beyond HIPAA
Q: My physician uses electronic medical records. How do I receive a copy of them?
A: Under the Health Insurance Portability and Accountability Act (HIPAA), you have the right to see and get copies of your health information whether they are in paper or electronic format. Some of your health information may be available online to download through a secure website affiliated with your doctor’s office or health system. This is known as a patient portal. You can also request your medical records directly from your doctor’s office.
Q: I am concerned about the security of my electronic medical records because there have been so many data breaches of private information. Are my medical records truly secure?
A: Generally, yes. Electronic medical records are more secure than paper records. Only authorized medical personnel are permitted to access to your patient data to provide care to an individual. This differs from a paper record that anyone can read at any time. Paper records cause significant security risks and are difficult to detect when someone has tampered with them. Under HIPAA, physicians are responsible for protecting patient data. Any computerized system storing patient data must be HIPAA compliant. Audit trails are also used to track which records are viewed by logged-in users and what part of the record was accessed. If a breach of your medical records does occur, you should file a complaint with the U.S. Department of Health and Human Services.
Q: If my physician leaves the practice group where I’m a patient, where are my medical records and how do I get a copy?
A: If you opt to continue with a physician at the practice and do not follow your physician to his/ her new location, your records will likely remain with the practice. If you decide to follow your physician, he/she will need to transfer those records to the new location. You are entitled to inspect or copy your records from whoever maintains them. Every practice or physician may set reasonable requirements as to how you receive access to your records, including requiring a written request.