Patients and Medical Records 101

By September 21, 2018Uncategorized
patient medical records

In the modern age of healthcare, one’s medical record isn’t merely a set of pages held together in a binder behind the office. Rather’s, a patient’s medical record is a complex set of electronic documents that is comprised of physician appointments, medical exams, testing results, scheduled operations, and operative reports. In the wake of the transition from paper to electronic, medical records have increased in complexity — including the levels of authority at which access is granted. It is important to remember that, ultimately, electronic medical records (EMRs) are centered on providing the highest level of patient care. Physicians, clinicians, researchers, and administrators are granted access to highly sensitive information in order to act in the best interests of the patient, in clinical and non-clinical capacities. However, as patients are navigating the world of patient portals, it is important to recognize which elements about an EMR are most critical for the patient to understand.

The first crucial entity to understand when discussing EMRs is HIPAA. HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a law that protects individual medical and health information throughout the United States. All healthcare providers and employees of healthcare providers, including clinical and non-clinical professionals, are required to comply with HIPAA. This essentially means that as a patient, one’s medical information must be protected to the highest degree, including encryption, password protection, and the use of anonymization. Patients should be cognizant that HIPAA does not only apply to their physician or nurse — it applies to all staff in the hospital, the third-party vendor that processes images or testing, health insurance companies, and any party that may be privy to a patient’s medical information at any point before, during, or after their clinical episode. HIPAA is built to protect patients from their confidential and sensitive medical information being shared with inappropriate parties. EMRs facilitate higher compliance with HIPAA requirements, and patient protection more broadly, because they can be secured with multiple methods of security. Undoubtedly, the healthcare provider or individual attempting to access a patient’s medical information will have to log-in through a secure server. Depending on the institution, the login may include additional security features, such as two-factor authentication, biometric identification, or VPN requirements. Such actions ensure that your EMR is highly protected and only accessible to the appropriate individuals or parties.

Alongside the security features, EMRs are more conducive to secure sharing amongst institutions. For example, if a patient decides to move healthcare providers or to seek a second opinion at a different institution, historically such a process would be laborious and require either direct mailing or faxing of health information — each of which are non-secure methods. However, with EMR, hospitals and healthcare providers can subscribe to Electronic Health Records, which are comprehensive software systems that allow for sharing amongst the licensed healthcare providers and institution that align. The inclusion of EHRs increases patient engagement in their own clinical journey, as well as the patient’s autonomy to move to the provider that they prefer for treatment.

In the coming years, healthcare technology will continue to improve and manifest itself in greater advantages for patients, providers, and institutions alike. Patients should take heed of such developments, understanding that their medical information is a critical resource in their diagnosis and treatment during clinical episodes, and throughout the rest of their lives.


Agency for Healthcare Research and Quality. “Electronic Medical Record Systems”. US Department of Health and Human Services. Web.

Garrett and Seidman. “EMR vs EHR – What is the Difference?”. The Office of the National Coordinator for Health Information Technology. Web. 2011.

Kruse, Clemens Scott et al. “Security Techniques for the Electronic Health Records.” Journal of Medical Systems 41.8 (2017): 127. PMC. Web. 18 Sept. 2018.

OCR Privacy Brief. “Summary of the HIPAA Privacy Rule”. Web. 2013.