By: Logan Pierce, editor-in-chief
In the latest installment of the Great Issues Lecture Series, Linda Whaley, director, Health Information Technology Program, addressed students, faculty and staff regarding personal health information.
One thing Whaley considers both good and bad is the constant policy revisions that take place within the health care industry. “The changes sometimes make my job difficult,” Whaley said, “I’m constantly revising my slides. What I tell you today may be different next week.”
Tracking health information
Whaley listed several things which are a part of personal health information, including hospital registration and admittance, doctor’s office visits, accessing urgent care clinics, and ambulance rides.
Medical history goes beyond where you are treated. Physical exams, lab tests, medical imaging and other tests are also recorded.
Which begs the question, who has access to such personal information? A surprisingly large number of people, the most obvious being public, state and federal health agencies and health care providers.
Beyond health care
Third party payers, i.e. insurance companies, can access a client’s medical records to ensure that the paid procedures have been performed.
Law enforcement has a limited access to medical records. Other entities, such as lawyers, need the medical records of their clients if they’re suing as the result of an injury, or when filling out an application for life insurance.
And, of course, individuals have the right to access their medical records. Care should be exercised when attempting to retrieve a hard copy. Depending on the amount of pages, printing fees could cost hundreds of dollars. To save money, individuals should select only those records relevant to their needs.
Another option is to request electronic copies of records. While not all facilities keep electronic medical records, government incentives are being pushed to increase these numbers. “Most physicians are migrating to electronic health records,” Whaley said, “$3.1 billion has gone to hospitals who adopt electronic health records.”
The benefits of digitally retrieving medical information include reduced paperwork, the rapid sharing of information, and the reduction of unnecessary tests.
“Security is the downside to electronic health records,” Whaley said, “There’s lots of breaches.”
The Department of Health and Human Services’ (HHS) website has a page detailing large breaches of information; breaches which affect 500 or more individuals. Whaley referred to this as the “wall of shame.”
“You can always get a wealth of information from government websites,” Whaley said, “Oklahoma has only four entries on the wall of shame.”
One of the most extreme breaches came from Blue Cross Blue Shield of Tennessee. They received a fine of $1.5 million from HHS after 57 unencrypted computer hard drives were stolen from a leased facility. The hard drives contained the names, social security numbers, dates of birth, diagnosis codes and health plan identification numbers of more than 1 million individuals.
The Secure Medical Records Transfer Network (SMRTNET) and their website, smrtnet.net, work to protect Oklahomans from medical identity theft, which is the fastest growing type of identity theft. Their network encompasses 25 hospitals and 60 clinics in Oklahoma, with more than 2,500 users.
“New [government] guidelines are being enacted,” Whaley said, “Encryption is not a requirement, but it is highly encouraged.”
Organizations like SMRTNET are making strides to prevent identity theft, while striving to follow the Health Information Management (HIM) goal “to optimally achieve the accuracy, availability and protection of health information for all.”