[Laughter] ever since the enactment of HIPPA in 1996 patient health information has been protected by federal legislation however privacy and security policies existed long before then not only on the state level but also within individual organizations a major impetus for the creation of uniform security rules Nationwide through Hippa was the development of the electronic health record or EHR related concerns about the transmission of data over the internet and accessibility by hackers and other unauthorized persons made it necessary to have consistent guidelines for the protection of patient privacy while hippo was certainly necessary as EHR has evolved over the years and has been a very good thing in many other aspects of Health Care the truth is that today's EHR is many times more secure than any physical chart ever could be short of forensic testing an unrealistic Prospect there's really no way to be sure who's looked at a traditional patient file sure charts can be kept under lock and key but they have to be removed moved at some point and what happens to them while they're out of that locked drawer or room is anybody's guess one of the inherent benefits of ehrs is strict control of who has permission to gain access to and share patient data an electronic fingerprint of sorts is Left Behind when someone does log in to a record with an EHR both patients and providers will know exactly who has accessed what information and when you set different security levels where a provider would have an unlimited security level you might have someone in the medical records department that has a limited security level you might have somebody else that's checking a patient in that could only look at the information side of the patient record we have the ability to track and respond to unauthorized access and to safeguard against that unauthorized access in electronic environment to protect the patient's privacy in the electronic environment we can actually see the username the login the date and the time stamp exactly when something was entered into the record the federal Hippa security rule requires that providers including positions routinely monitor who has accessed the record so patients can be assured that every time someone accesses their record it's recorded and that their provider is monitoring that routinely to ensure that there's not inappropriate access legal matters are obviously crucial and potentially costly nobody wants to be the one to tell a patient that his or her privacy has been compromised the possibility of lost business and patient lawsuits is bad enough but violation of federal regulations can mean the end of a practice thankfully the buil-in security features of ehrs Ensure a lower risk of breach and enhanced controls hippoc compliance is an ongoing Journey it's not a single destination documentation is key merely saying that you've done something is not sufficient you have to document who accessed the information how the information was manage what information was collected document document document the key to complying with the legal requirements for ehrs is first to thoroughly understand how the electronic system works it's also vital to have security policies and procedures in place practices must communicate and explain policies to all all employees and incorporate safety nets to ensure privacy the most exciting part is that once an EHR system is up and running it allows only those who need to view personal health information to access it the electronic system actually removes many concerns about security issues there is no security in paper once that information comes off of the printer you have little control of where that paper goes health and Information Technology allows you that control to manage that information to know exactly where it's going inappropriate access of heal information it is almost always an inadvertent act the greatest defense then against inappropriate access of health information in a physician practice is a very aggressive offense just establishing a culture of responsibility and accountability goes a long way to protecting health information years ago our electronic record kept the full social security number and credit card number available in the patient chart now they only keep the last four of both of those the rest are start out so it will be much more difficult for someone to practice identity theft because they can't access the whole number when planning the transition from paper to technology there are administrative safeguards and Technical safeguards that have to be in place the administrative safeguards can be the policies and procedures of how the information is collected accessed managed and audited the technical safeguards are firewalls antivirus the technology that plugs into the network that monitors the access to ensure that you're aware if there's an unauthorized breach with appropriate hardware and software safeguards in place there are Now options for remote access through smartphones and internet connections providers who are on call can give advice and make authorizations from wherever they are saving critical time in cases of life-threatening emergencies ironically despite increased security measures ehrs mean more convenient access for these users and the one person who deserves more than anyone to know a patient's health information the patient new meaningful use standards require that providers give patients access to their information whether that be through an online portal a local media such as a jump drive or a CD it's up to the provider how that information is supplied but the patient has the rights to view their information well if the patient knows his or her health information is safe and secure they're more willing to share everything that they need to tell their Physicians and Physicians always provide Better Health Care when they have quality information so it's a win-win the patient wins because he gets better care the doctor wins because he can give better care well it's easy to win people over to the concept ehrs the how-tos of taking that first step away from a paper system can be unclear and somewhat frightening remember you're not alone in the transition to ehrs there's a lot of information out there and while some of it is conflicting the best place to begin Gathering knowledge is to consult with your respected peers and colleagues ask them what they know and where they got the most useful information get their candid comments on their personal transition experiences because the only way you will be able to make a confident decision is to make an honest comparison of the electronic system with your current system almost everyone you ask will be more than willing to help because they know that the more providers who implement ehrs the better the future is for everyone involved in healthcare for additional information and resources for EHR adoption visit 10m med.org SL adopt EHR [Music] [Music]