Electronic Medical Records, HIPAA, and Patient Privacy

Jingquan Li, Michael J. Shaw

Research output: Contribution to journal › Article › peer-review


The continued growth of healthcare information systems (HCIS) promises to improve quality of care, lower costs, and streamline the entire healthcare system. But the resulting dependence on electronic medical records (EMRs) has also kindled patient concern about who has access to sensitive medical records. Healthcare organizations are obliged to protect patient records under HIPAA. The purpose of this study is to develop a formal privacy policy to protect the privacy and security of EMRs. This article describes the impact of EMRs and HIPAA on patient privacy in healthcare. It proposes access control and audit log policies to safeguard patient privacy. To illustrate the best practices in the healthcare industry, this article presents the case of the University of Texas M. D. Anderson Cancer Center. The case demonstrates that it is critical for a healthcare organization to have a privacy policy.

Original language: English (US)
Pages (from-to): 45-54
Number of pages: 10
Journal: International Journal of Information Security and Privacy (IJISP)
Issue number: 3
State: Published - Jul 2008


  • access control
  • case study
  • electronic medical record
  • medical record confidentiality
  • privacy protection
  • privacy regulations

ASJC Scopus subject areas

  • Information Systems

