June 10, 2014. When we speak of “security” in this set of HIPAA Safeguard posts, we generally refer to it in the context of the HIPAA Security Rule and compliance by covered entities and business associates with its standards and implementation specifications to safeguard electronic protected health information. Another context relates the growing use of electronic health records (EHRs) by covered entities such as hospitals and physicians and that persons authorized by those covered entities having access to protected health information contained in their EHR systems are “secure” in the knowledge that such information is correct. The June 10, 2014, Wall Street Journal has an article by Laura Landro entitled: “Health-Care Providers Want Patients to Read Medical Records, Spot Errors, which is available online at: http://online.wsj.com/articles/health-care-providers-want-patients-to-read-medical-records-spot-errors-1402354902. In that article is the statement: “Studies show errors can occur on as many as 95% of the medication lists found in patient medical records.”
The consequences of errors in data are faulty information, inaccurate intelligence related to diagnosis based on that information, and possible injury or death for patients. The Institute of Medicine of the National Academies (IOM) has long studied the consequences of data errors in medicine, as indicated recently by its September 2012 report: “Digital Data Improvement Priorities for Continuous Learning in Health and Health Care—Workshop Summary,” which is available in abstract online at: http://www.iom.edu/Reports/2012/Digital-Data-Improvement-Priorities-for-Continuous-Learning-in-Health-and-Health-Care.aspx. The nexus between data-information-intelligence was a major focus of last year’s recommendations from the Patient Engagement workgroup section of the 2013 WEDI Report—“The Right Information, To The Right Place, At The Right Time”. That report is available online from the Workgroup for Electronic Data Interchange (WEDI) Foundation at: http://www.wedi.org/topics/2013-wedi-report.
As the Wall Street Journal indicates, consumers as patients must take greater responsibility to ensure that their healthcare information in medical records is correct, and the article lists content areas in which to examine information for accuracy. Most patients have multiple healthcare encounters, with medical records in each venue identified in a “designated record set” with an identification number, so it would be useful to examine each of the current designated record sets to ensure accuracy. While physicians and hospitals can communicate with health plans readily if the physician or hospital has the patient’s beneficiary plan number, physicians generally do not know all of a patient’s medical providers unless the patient provides that information to each provider as apart of a medical history. In the future, when electronic health record systems can communicate on an interoperable basis assuming the patient can be uniquely identified, this will be less of a problem. In the meantime, and especially useful in the case of a medical emergency, patients may want to consider carrying in a smartphone or on paper in a wallet or purse essential, updatable information, including, but not necessarily limited to the following: