Answers (2)
Your doctor designates a privacy official who is responsible for making sure your medical records are kept private. In a small office, this may be the office manager. Large facilities have full-time privacy officials.
The Privacy Rule also requires your health care provider to inform you of your privacy rights. Clear privacy rules and procedures must be put into place, and employees must be trained in how to follow them. These procedures include passwords and other steps for securing your records against unauthorized use.
The HIPAA Security Rule requires providers to assess the security of their electronic health record systems. The Security Rule sets technical safeguards for protecting electronic health records against the risks that are identified in the assessment. Some of the steps that may be taken to reduce the risks include:
- Access controls such as passwords or PINs that limit access to your information to authorized individuals, like your doctors or nurses
- Encryption of your information, which means your health information cannot be read or understood except by someone who can "decrypt" it, using a "key" made available only to authorized individuals
- Audit trails, which record who accessed your information, what changes were made, and when they were made, providing an additional layer of security and oversight
- Workstation security, which ensures that computer terminals that can access your health records cannot be used by unauthorized persons
Your providers must have risk management policies and procedures in place to assess security risks, and to ensure that known risks are addressed and prevented.