The case must healthcare organizations in the country use electronic health records (EHR) following the enforcement of the American Recovery and Reinvestment Act (ARRA). ARRA requires all healthcare organizations to have EHR by the year 2015. Unlike electronic medical records (which only allows a provider to access medical records), electronic health records can be accessed by an authorized healthcare network. This makes EHR more convenient and faster to access a patient’s data in real-time. EHR also makes it possible to easily detect any inappropriate viewing of a patient’s information.
However, as with all network platforms, security concerns of breach of the system exist. The possibility of cyber-attack or system hacks could lead to identity theft which can destroy a person’s finances and reputation. If the breach occurs to multiple patients, then the case will surely be headed down the road of legal battles and court tribulations. Surprisingly, the biggest threat to EHR has not been hackers trying to steal healthcare data. Ray & Mackay (2015) shows that the biggest risk has been irresponsible or unethical healthcare employees who access the patients’ confidential information inappropriately.
And such was the case in a California hospital early this year (January 2015). The case involved a pharmacist employee who was discovered to have been snooping on a patient’s medical data for nearly a year. The hospital pharmacist whose employment was terminated thereof had snooped every bit of confidential information including clinical notes, diagnoses, medical prescription, and demographics. The hospital’s EHR audit discovered that 844 patients’ information had been inappropriately accessed and14 of them had had their PHI compromised. This is a privacy and security breach as provided by the Health Insurance Portability and Accountability Act (HIPPA), which requires health providers to protect the privacy and interests of the patients.
This incident at California Pacific Medical center is one of the many cases that continue to be exposed as EHR audits are conducted.
References
Ray, E., & Mackay, H. (2015). Guidelines for Determining Nurse Staffing. The Journal of Clinical Healthcare Services, 34 (2), 124.