Migraine and Electronic Medical Records- What you Need to Know
Keeping our Migraine and other health related records electronically is a part of the new health care law. Patients often think this will simplify things for themselves, their doctors and staff. However, the reality is that it often takes much more time to maintain them, and the practice can lead to unintended problems you need to know about.
I was surprised when I was offered the ability to view my electronic records online through one of my doctors. We’re in the country, and often years behind large metropolitan areas.
You should know up front that I readily admit I am a very reluctant electronic medical records (EMR) convert because I see too many ways for this personal information to be misused and abused. Since this was being forced on me though, I figured I might as well get the ball rolling and make the best of what I considered to be a less than ideal situation. However, even I was shocked when I started the process of setting up my account so that I could more easily manage my health records…
In my case, the process involved signing up for an account online. I received a postcard in the mail with instructions. After I started by creating my account, I was told to phone a special number to activate it. When I made that phone call, they checked to be sure I really was who I claimed to be, then gave me a PIN that would allow me to access my newborn account.
So far, so good.
I had a few moments, so decided to complete the process before I lost the information and had to start all over again, so I logged in.
Up popped a page with the user agreement I was expected to sign before I could actually get access to my records. Pretty standard protocol, right?
Not so fast!
I am one of those annoying people who actually reads the fine print on everything before I sign it, and this was no exception. Buried in the lines of the user agreement was something that really angered me.
In order for me to have access to my own personal health records, I had to sign an agreement that said I was giving up ALL my HIPAA rights1!
If you aren’t familiar with HIPAA, these are the rules that govern how your private information is used. Your health information is very private and you get to decide who gets your information and under what circumstances. That’s the law. Every time you go to a new doctor or hospital you are given a copy of your HIPAA rights and how that particular institution is going to use your information. By signing that agreement, you are saying “This is okay to use my information as you have indicated in this release.”
Shoot, my husband can’t even talk to the nurse without me signing a form that gives them permission to talk to him, and only him.
There are many parts to HIPAA, but the part that applied to me at this time is all about who I was giving permission to view and use my health records, and what they were going to do with them. In this case, if I wanted to have access to my records online, I was being required to give up ALL my HIPAA rights. Yes, the word ALL was used, leaving no doubt as to what I was getting myself into.
Unfortunately, the sale of medical records has become a booming business. EMR makes the sale of these records, legally and illegally, very easy. When we were using paper records, breaches of security and information were commonplace enough, and thousands of patients in every state every year had their information lost or stolen, often without their knowledge simply because they didn’t know how to locate this information. However, now with everything computerized, the numbers are in the hundreds of thousands of people affected by these breaches – the number of known/reported breaches in 2013 already is 17,292. There are countless others that will not be reported because records have been breached in secret by staff and others with access to computers that contain the information.
The government requires medical institutions of all types to report only known breaches over 500 patients per incident. Breaches under that number are not required to be reported, so the real number of information breaches is likely much higher than we can begin to imagine. These reports are public record and can be found here at the US Department of Health and Human Services
Moreover, these records could in theory be used against patients by insurance companies, employers, anyone who wants access to someone’s health information, because once I give up my right to privacy, it is gone forever. Just like everything else on the internet – once it’s there, you can’t take it back. It’s never really gone. It’s always “out there”.
The bottom line is: I don’t want my personal medical history floating about anywhere. I would have happily signed a release for the company who was putting my information online as well as my doctor’s office, however I expect them to use extreme care with my information and ardently protect it from the prying eyes of people who have no business nor permission to view them. I would also expect to hold them accountable if the information was not properly protected and was stolen or viewed inappropriately. That’s only fair.
There was no way I was going to give literally everyone carte blanche to do with my records whatever they wanted whenever they wanted! So, I refused to sign the agreement, and logged off the site forever.
I haven’t been back to my doctor’s yet to ask him if he knows what his patients are being required to do to get access to their records. I presume he probably is unaware – he’s a nephrologist, not a computer operator. Most patients who are internet savvy have seen so many user agreements that they often blindly sign them without ever looking them over, so I can’t help but assume that the vast majority of them are clueless that they have just signed all their rights away.
This is dangerous.
There are several different companies online that offer this type of service, and many hospitals and doctor’s offices that offer this option too. Maybe you are a patient that has utilized online EMR’s. If so, did you read your user agreement fully? Did you understand it? Did your user agreement require that you sign over all rights to your records when you joined the site?
What do you think about EMR’s and the potential misuse of your personal and private information? Do you mind the idea of signing over all your rights to your personal information?