Beginner’s Guide to Security within an EHR

Article

One of the most powerful features of an EHR is the instantaneous access that it offers providers to patient information. From a workstation at the office or at home, physicians can access their entire patient panel and quickly drill down into clinical minutiae with a speed and precision that a paper chart can’t touch.

One of the most powerful features of an EHR is the instantaneous access that it offers providers to patient information. From a workstation at the office or at home, physicians can access their entire patient panel and quickly drill down into clinical minutiae with a speed and precision that a paper chart can’t touch.

But this wonderful ease of access also means that a practice may be inappropriately “sharing” sensitive patient information with individuals that have no business seeing it. Interestingly, despite the high-profile cases that hit the airwaves periodically, these privacy violations are more likely to happen within a practice than due to the malicious intent of an outsider.

Fortunately, a good EHR can help you minimize these privacy transgressions. Here is a beginner’s guide to some of the features you should look for:

Granular security: This means that the EHR has the ability to segregate sensitive information within a patient’s chart (e.g., mental health records, STD results, substance abuse information) or restrict access to a particular patient (e.g., a celebrity, participants in a high-profile legal case, workplace staff or relatives), so that only authorized individuals can see. Advanced systems may even allow you to create aliases for certain patients in instances when you want restricted access to a particular set of encounters.

Role-based access: As a corollary to granular security, this EHR feature allows to you define who sees what by their job within the practice. For example, the front desk might be given access to demographics and scheduling data but are prevented from viewing clinical data. While physicians are typically given the highest level of access, role-based security tools can also be used for practices that want to restrict physician viewing to the patients in their immediate group.

Audit trails: It can be impractical to completely lock down your EHR, and therefore you need some software and psychological tools to help you out. An EHR audit trail allows you either to determine all the individuals that have looked at a particular patient (useful if you are concerned about who is snooping on your VIPs) or track the EHR usage of a staff member that may be suspected of inappropriate use. Publicizing the presence of an EHR audit trail is important. At least half of its power is as a deterrent; people behave differently if they know you are watching. 

Bruce Kleaveland is a paid correspondent through Intel’s sponsorship with Physicians Practice.  

Related Videos
Video 2 - "Exploration into the Management of the Three Symptom Domains of Schizophrenia"
wind
support group
Dune Part 2
spinal tap
train
grave
heart
uncertainty
Related Content
This first update in 20 years is contained in a recent rule issued by SAMHSA.

Feds Ease Restrictions on Treating Opioid Addiction via Telehealth

April 19th 2024
Article
Lifestyle Interventions for ADHD

Lifestyle Interventions for ADHD

May 4th 2022
Podcast
psychedelics

Navigating New Terrain: Clinician Education at the Crossroads of Psychedelics and Medical Ethics

April 19th 2024
Article
Here's to a Psychedelic Revolution

Here's to a Psychedelic Revolution

April 9th 2022
Podcast
humiliation

Humiliation and Dignity in the Mideast and Elsewhere

April 19th 2024
Article
What does the recent FDA clearance of this treatment for adolescents mean for the future of MDD treatment?

NeuroStar TMS and the Future of MDD Treatment for Adolescents

April 18th 2024
Article
© 2024 MJH Life Sciences

All rights reserved.