Question

The public demands that the confidentiality of patient data must be maintained in any patient record system. Describe three protections and auditing methods that can be applied to paper-based systems. Describe there technical and three non-technical measures you would like to see applied to ensure the confidentiality of patient data in an EHR. How do the risks of privacy breaches differ for the two systems?

Answer 1

Regardless of the type of storage system used ,patient information must be stored in a manner that ensures its accessibility to authorized users whenever and wherever it is needed.

When establishing a paper-based system consideration must be given to

• the procedures that need to be put in place to enable tracking files.
• determination of who can access the files.
• consideration must be given to the system that avoids duplicating information and equipment as this can be costly for a business and security measures must be put in place to ensure control over the documents to prevent loss and damage of files.

According to the Security rule,health care facilities must provide three types of safeguards when using electronic health records.Non technical methods includes rules for providing a safe and hazard -free environment in which to store medical records such as

• Computer server rooms should be locked and assessed by authorized personnel only.
• Policies must be in place regarding which employees are allowed to access information.
• All employees should complete security awareness training.

Technical safeguards include rules for protecting electronic information

• Electronic protection -install and update anti-virus software,firewalls etc.to ensure files and emails are scanned for viruses and prohibit hackers.
• Email security-deleting email requests for sensitivre information without opening the message or attachment.
  • OPPM -ensures employers are educating employees on the guidelines to maintain strict security.

The risks of breaches in EHR system are employees are one main source of security risk as losses may occur due to accidental employee error.They may fail to keep consistent backups of information,email the wrong information to the wrong person or leave the computer unlocked with away from the workstation. old paper-based records are shredded off to make sure the information cannot be recovered such as ones with personal details like name and address as this can be retrieved by criminals if not disposed of correctly.