Know Your Right to Access Patient Data

Home > Electronic Health Record > Know Your Right to Access Patient Data

An important matter to consider when dealing with EHRs is the right to access patient data. Once an EHR is selected, all information is entered into the system and providers are no longer the only ones with access to it. If exclusive terms aren’t identified prior to engagement with a vendor, things could become unnecessarily complicated.

Providers should be sure to address how vendors are able to use patient data when drawing up a contract with the chosen vendor. It may be overlooked or considered inconsequential at the time, but, should unforeseen circumstances arise, the situation could quickly escalate.

A Medical Economics article cites an example in which a vendor blocked access to patient data over a billing conflict. Though it may seem uncomfortable to bring up, it’s always better to be on the safe side. Tackling it at the beginning is the best tactic, as it could be difficult, though not impossible, to deal with once the contract is signed.

The Health Insurance Portability and Accountability Act (HIPAA) dictates that vendors no longer have rights to data after the contract ends. However, if the information has been de-identified, that is to say, if it cannot be associated with specific patients, vendors may be able to retain use of it for research purposes.

De-identification requires one of two methods: removing all specific identifiers as indicated by HIPAA or have a statistical expert analyze the risk of identification of an individual from the information available. Further information on these methods can be found at the Department of Health & Human Services site.

According to the same Medical Economics article, in detailing the extent to which vendors are allowed to use data, the following should be addressed:

  • Under HIPAA, vendors have the same rights as the provider when it comes to utilizing or sharing patient data.
  • Vendors may need to share certain information to meet administrative or legal duties.
  • Some agreements may qualify vendors to collect and analyze data to produce reports for the providers and enable research.

Author: Apoorva Anupindi

Leave a Reply