Running head: ELECTRONIC MEDICAL RECORDS

Electronic Medical Records

Hayley Brooke Watson
Freshman Seminar: Ward
November 2, 2015

ELECTRONIC MEDICAL RECORDS

Electronic Medical Records

While electronic medical records may be of benefit for clinical staff, they cause a
problem for patient privacy. Electronic medical records have made charting a lot easier. These
records have all the information that might be needed right at your fingertips. Even though it is
great to be able to type a patients name into a database and instantly view the patients picture
and information, an electronic medical record can pose a problem with privacy. The article,
Antecedents of Health Information Privacy Concerns, says that this could be considered a
HIPPA, Health Insurance Portability and Accountability Act, violation (2015). This is considered
a violation because the patients privacy may be compromised by hackers. As medical records
are transported from doctors offices, or nursing homes, to hospitals or vice versa, criminals are
able to hack into the data bases and retrieve important medical information. Patients are
concerned that their privacy is at risk. In chapter three of Healthcare Information Privacy and
Security, Bernard Robichau states that there is so many different people that have access to a
patients medical records that in order to protect patients the employees must be monitored at all
times (2014). There are many theories on how to possibly stop the hackers from taking sensitive
patients information.
There are theories for immediate temporary changes and also theories for future long
term fixes. Some of the short term fixes can include individual authentication of users, access
controls, protection of external electronic communications, and system assessment (National
Research Council p. 169-173). Some of the long term security practices can include strong
authentication, electronic authentication of records, enterprise- wide authentication, and access
validation (National Research Council p. 175-175). A lot of these solutions go hand-in-hand.

ELECTRONIC MEDICAL RECORDS

Some of these theories talk about the different places patient information may go and how
everyone with access to a patients medical record doesnt necessarily need to know all of their
information. Chapter five of Anonymization of Electronic Medical Records to Support Clinical
Analysis, states that a way to solve this is to use Anonymized diagnosis codes, in other words
diagnosis would be given special codes that can only be read by people who need to read them
(2013). Most of these solutions are upscaling the authorization to medical records. A book
entitled For the Record states, in pages 169-177, that for immediate reaction there would be a
need to give everyone a specific identification code and passwords and the future fix would be to
use single-session authentication codes and not individual identification and passcodes (1997).
Individual identifications and passcodes into electronic medical data bases can be dangerous.
One time authentication codes can be safer because the only people who would have those codes
would be current employees.
Places of employment have high security levels when taking care of their building,
employees, and patients so why cant we implement that into the protection of medical records.
Some places of employment have specific authentication codes to enter the building for all
employees. In addition to that, every time an employee is let go the code is changed so the
former employee cannot enter the building. I believe that this would help in the medical record
security aspect as well. If employees are given an authentication code that was changed every
day, this could cut down on hackers figuring out employees passcodes. It would also decrease
the likelihood of passcodes entering into the wrong hands such as patients family members or
corrupt employees. In the book Electronic Medical Records on page 189, it recommends that
immediately after someone is terminated all badges, keys, devices and passcodes be changed
immediately (2001). If the authentication codes to the medical records were one session usage

ELECTRONIC MEDICAL RECORDS

codes then the organization would not have to be concerned with terminating their passcode and
identification code.
People may see some problems with changing authentication codes. One possible
problem that some people may occur with the one session, daily changing authentication code
could be how everyone would know the code for that day in order to chart. At the beginning of
every shift, when you get your assignment and your report from the previous shift you would
receive the code for the day. Another problem may be with the fact that the authentication code is
only changed daily but a solution to this would be that after the last person clocks out for every
shift the next shift would be given a new code. This way nobody from the previous shift could
gain access to the records after their shift until they came into work again. The organization
would not have to worry about previous or current employers accessing patient information
outside of their working hours. Electronic medical records can be a great asset to the medical
community if you have the right security.

ELECTRONIC MEDICAL RECORDS

References
Carter, J. H., & American College of Physicians--American Society of Internal Medicine. (2001).
Electronic medical records: A guide for clinicians and administrators. Philadelphia:
American College of Physicians-American Society of Internal Medicine.
Ermakova, T., Fabian, B., Kelkel, S., Wolff, T., & Zarnekow, R. (January 01, 2015). Antecedents
of Health Information Privacy Concerns. Procedia Computer Science, 63, 376-383.
Gkoulalas-Divanis, A., & Loukides, G. (2013). Anonymization of electronic medical records to
support clinical analysis. New York: Springer.
National Research Council (U.S.). (1997). For the record: Protecting electronic health
information. Washington, D.C: National Academy Press.
Robichau, B. P. (2014). Healthcare information privacy and security: Regulatory compliance
and data security in the age of electronic health records.