What is "consent"?
“Consent” means permission. In health care,
this is permission that is given by an authorized person to use information
about a patient. In most cases, the authorized person is also the person
whose information is being shared. In some cases, the person authorized
might be a representative, such as a parent, guardian, or person holding
a health care proxy. State or federal law may decide:
• if consent must be a signed written document, whether it may
be given orally, or is not needed at all;
• if a signed document is required, whether it must be on a form;
• if the consent may apply to multiple uses or if it applies only
to only one use;
• if other information must be provided to the person before the
consent may be obtained;
• who may ask for the consent; and,
• if certain uses may be made without consent or even if the person
objects.Consent may be required by law or required by the doctor’s
office or hospital even when it is not specifically required by law.
“Patient Preferences” are requests made
by the patient to the holder of the information (such as a doctor or
hospital) regarding the use, sharing, sending or storage of the information
that the holder may agree to, but are not required by law. A holder,
like your doctor, might have his/her own rules about your preferences
even if not required by law. If your doctor creates polices or rules
about consent, he/she may have to obey them. If a holder of information
follows a privacy policy stating that the holder must follow the patient’s
wishes, and that policy is described to the general public (for example,
in a privacy policy on a web site) the holder may have to follow that
policy by law.
What is a "repository"?
A “repository” is the collection of information,
also called a database. The purpose of a repository is to receive, store,
and send health information. This repository can be used by a single
person, organization or group of organizations. It has a set of rules
that everyone follows.
What does "Public Health" mean?
“Public Health” activities are carried out
by government agencies to prevent disease, prolong life, and promote
health. They keep track of things like vaccinations or sanitation. Often,
they watch out for threats to your health, like outbreaks of illnesses.
What is "research"?
“Research” is an organized way of gathering
information and figuring out how to answer questions about disease.
What is "de-identified" data used in research?
Sometimes, researchers will collect patient health information
from physicians, health plans, and other places that have your health
information. “De-identified data” requires that all information
that is uniquely related to you be removed.This information includes,
for example,
• name,
• address,
• date of birth,
• zip code,
• dates of receiving services, and
• medical record numbers. Unless you consent to your information
to be used for a specific study, researchers can only collect portions
of your health information, leaving out any data that could identify
you. Using de-identified data allows researchers to study patterns of
disease and other healthcare issues without risking the privacy of anyone.
What is an Electronic
Health Record (EHR)?
An electronic health record (EHR) is a secure, real-time
medical record stored on a computer or over a network. The EHR helps
providers make decisions by providing access to a patient’s health
information and history at the time the doctor needs it.
What is a Personal Health Record
(PHR)?
A personal health record (PHR) is an electronic, available, lifelong
resource of health information to help individuals to make healthcare
decisions. Individuals can own and manage the information in the PHR,
which comes from healthcare providers and the patient. The PHR is maintained
in a secure place with the individual determining who can see the information.
The PHR is separate from and does not replace the legal medical record
of any provider.
Personal health records (PHRs) are collections of important information
about a person. This information may include an individual’s health,
family history, and important, known, and available health information
that can be actively updated by the patient. The source of the information
for a PHR may be a healthcare provider, the patient, or claims payment
statements provided by the payer. There are many good reasons to keep
a PHR. The top three included the ability to provide doctors with useful
information, the ability to look back and recall what care was received,
and the ability to have access to the record in case of emergency. The
goal of PHRs is to improve communication between patients and their
healthcare team.
(Please see http://www.myphr.com/ for more information.)
What is a Personally Controlled Health Record
(PCHR)?
A personally controlled health record system enables
patients to own complete, secure copies of their medical records. It
is an actual medical record, not a portal. Portals, often provided by
healthcare institutions, are windows through which patients can view,
but not own or control, a portion of their health data stored at that
institution (See question 13 below for more about portals).
What is a health information organization?
A health information organization is one that oversees and controls the exchange of health-related information among organizations according to nationally recognized standards. (http://www.hhs.gov/healthit/documents/m20080603/10_2_hit_terms.pdf)
What is a regional health information organization?
A regional health information organization that brings
together health care providers and services within a defined geographic
area and governs health information exchange among them for the purpose
of improving health and care in that community.
(http://www.hhs.gov/healthit/documents/m20080603/10_2_hit_terms.pdf
)
Is a patient portal the same as a PHR?
A patient portal is not the same as a PHR, although
it may have similar features.
A patient portal is typically owned by the patient’s healthcare
entity or organization. It allows patients to view parts of their healthcare
record as entered by their healthcare team, such as test results or
medications. Some patient portals can be used to communicate with physicians
or schedule appointments. A PHR may be owned and managed by the individual.
Information in the PHR is typically entered in by the patient, although
some information may also come from the patient’s healthcare provider,
payer claims or payment statements. The healthcare information found
in a PHR is used by and for the individual as a resource to make informed
healthcare decisions.
What is e-prescribing?
Electronic prescribing (ePrescribing) uses computers
to allow a healthcare provider to enter, modify, review, and communicate
your prescription information. ePrescribing provides secure, 2-way electronic
data interchange (EDI) between providers and pharmacies. SureScripts,
founded by the National Association of Chain Drug Stores (NACDS) and
the National Community Pharmacists Association (NCPA), has started electronic
prescribing programs in states across the United States (http://www.surescripts.com).In
addition to sending prescriptions, ePrescribing can help the provider
make decisions.
Information about medication history, allergy information, drug interaction
alerts, and insurance benefits eligibility information may be available
to the provider. ePrescribing is efficient and accurate because the
system is entirely electronic. Prescription errors may result from miscommunication
due to unreadable handwriting, unclear abbreviations, and dose designations,
unclear telephone or verbal orders, or confusing orders and fax-related
problems. E-prescribing helps to eliminate these errors. In addition,
the pharmacist does not need to re-key the prescription information
into his or her system. There are cost-savings for the providers and
pharmacies from the reduction in calls to patients, better patient knowledge
of medications that are allowed by the insurance company, and fewer
data-entry errors (Tufts Health Plan, 2006).
What are the benefits of electronic health
records systems?
Storing health records electronically allows for quicker retrieval of more complete patient information by doctors and other providers. Electronic health records also make searching, tracking and analyzing information easier. Unlike paper records, they are not bulky, they don't take up costly space and they don't require people to maintain, retrieve, and file them. Electronic health records also provide easier access at times of emergency and can be backed up easily to avoid loss during times of disaster, especially when they are linked into a health information exchange network.
Why would an EHR/HIE lead to
less medical testing and a more efficient system?
When each doctor involved in a patient's care has all of that patient's
information readily available, medical tests done do not have to be
repeated unless there are new developments. This allows the doctor to
determine treatment more quickly and correctly.
How would an EHR/HIE improve
patient safety?
When a doctor who is treating a patient has access to all of the patient's
records, the doctor can make more informed decisions based on complete
information. Also, EHR/HIE systems can automatically tell health care
professionals when there are conflicts between prescribed drugs. In
addition, when medical information is stored electronically, there are
no problems with unclear handwriting on paper records and prescriptions.
Who is allowed to view my electronic health information?
Many people are allowed to look at your health information. You should receive a “notice of privacy practices” upon a first visit to a provider or hospital. When you join a health plan you will be given this “notice of privacy practices” also. As directed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, these notices describe how your protected health information is to be collected, used, and sent. Also under the HIPAA Privacy Rule, your data may be looked at by law enforcement or national security officials if they present a warrant, subpoena, or summons. The HIPAA Privacy Rule gives special protections to psychotherapy notes kept by mental health providers. These notes may not be shared for any purpose unless you voluntarily provide a written permission to do so. In addition, some states have enacted privacy laws saying that some categories of health information are “sensitive” and require a second consent from you each time the information is sent. In Massachusetts, that would include sending HIV or genetic test results. HIPAA also keeps healthcare providers and health plans from sharing your health information to employers without your written authorization. Electronic healthcare processes in the future may give you greater control over the consent process and who sees your data, which in turn can help your doctors better manage your care. Efforts funded by the federal government, such as the Health Information Security and Privacy Collaboration (HISPC), are investigating privacy and security solutions to improve the effective adoption of health information technology and the electronic exchange of health information.
Will I know if my health information was misused?
Yes, but perhaps not always. Many people within a healthcare organization are responsible for maintaining the electronic health record system and making sure that records are kept private and secure. Under the HIPAA Privacy Rule, you have the right to receive a list of times that your health information was given out for certain purposes. The information is available for six years before the date that your request was made. This includes information given to or by the organization’s business associates but not information related to treatment, payment, or healthcare operations, or in cases where you gave consent.If you believe that a person, agency or organization covered under the HIPAA Privacy Rule ("a covered entity") violated your (or someone else’s) health information privacy rights or committed another violation of the Privacy Rule, you may file a complaint with the Office for Civil Rights. See the information provided: http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html
How do I know that insurers won't use my information to deny me coverage?
Under the HIPAA Privacy Rule’s notice of privacy practices, health plans generally have access to your medical information to decide whether a service is covered under your plan. Insurers would make this request to the provider treating you, regardless of whether your medical record was in paper or electronic form. However, you may have to give your consent or permission in order to allow health plans or insurers to access clinical information about you. If you don’t give your permission, the insurer may not pay the claim.
Can I ask my doctor to change or delete information in my medical record?
Yes, you may ask, but your doctor is required to maintain
the truthfulness of your health information and, under HIPAA, has the
final say over adjusting your medical record. You may request that your
doctor adjust information in your record that is inaccurate.
©
The University of Kansas Medical Center