• E-mail
• Print
• RSS

Determine who can access EHR information

EHR Connection, October 24, 2005

Before implementing any components of your EHR, think long and hard about what levels of security you need. Terry Jacobs, director of EHR initiatives for Siemens Medical Solutions, Malvern, PA, says that records pertaining to psychiatric care and treatment for sexually transmitted diseases, including AIDS and HIV, are often the most sensitive records in the system. Consider how your facility will protect this type of information, not only from outsiders, but also from staff members not affiliated with the patient.

Answer the following questions:

• What has your facility done to protect protected health information?
• Who has the ability to log on to the system?
• How will access levels change when employees leave the organization?
• What information will someone logged on be allowed to see?
• How will someone gain access to different levels of information?
• Will physicians from one department be able to see records for a patient in a different department?
• Will the patient be able to decide which physicians see certain information? If so, do you have a system in place to keep certain information private and make other information accessible?
• Will your system automatically maintain a log of which employees view certain information?
• How will patients access their own records?
• Will physicians and practitioners be allowed to access the repository offsite? If so, how will they gain this access?
• What kind of protection will your system have from outside breaches?

• E-mail to a Colleague
• Print
• RSS
• Archive