Electronic Medical Records, HIPAA, and Patient Privacy

Jingquan li; Michael J. Shaw

doi:10.4018/jisp.2008070104

Electronic Medical Records, HIPAA, and Patient Privacy

Jingquan li, Michael J. Shaw

Business Administration

Research output: Contribution to journal › Article › peer-review

Abstract

The continued growth of healthcare information systems (HCIS) promises to improve quality of care, lower costs, and streamline the entire healthcare system. But the resulting dependence on electronic medical records (EMRs) has also kindled patient concern about who has access to sensitive medical records. Healthcare organizations are obliged to protect patient records under HIPAA. The purpose of this study is to develop a formal privacy policy to protect the privacy and security of EMRs. This article describes the impact of EMRs and HIPAA on patient privacy in healthcare. It proposes access control and audit log policies to safeguard patient privacy. To illustrate the best practices in the healthcare industry, this article presents the case of the University of Texas M. D. Anderson Cancer Center. The case demonstrates that it is critical for a healthcare organization to have a privacy policy.

Original language	English (US)
Pages (from-to)	45-54
Number of pages	10
Journal	International Journal of Information Security and Privacy (IJISP)
Volume	2
Issue number	3
DOIs	https://doi.org/10.4018/jisp.2008070104
State	Published - Jul 2008

Keywords

access control
case study
electronic medical record
medical record confidentiality
privacy protection
privacy regulations

ASJC Scopus subject areas

Information Systems

Online availability

10.4018/jisp.2008070104

Library availability

Discover UIUC Full Text

Cite this

@article{4d728a216f994caf9564c03a5497a9db,

title = "Electronic Medical Records, HIPAA, and Patient Privacy",

abstract = "The continued growth of healthcare information systems (HCIS) promises to improve quality of care, lower costs, and streamline the entire healthcare system. But the resulting dependence on electronic medical records (EMRs) has also kindled patient concern about who has access to sensitive medical records. Healthcare organizations are obliged to protect patient records under HIPAA. The purpose of this study is to develop a formal privacy policy to protect the privacy and security of EMRs. This article describes the impact of EMRs and HIPAA on patient privacy in healthcare. It proposes access control and audit log policies to safeguard patient privacy. To illustrate the best practices in the healthcare industry, this article presents the case of the University of Texas M. D. Anderson Cancer Center. The case demonstrates that it is critical for a healthcare organization to have a privacy policy.",

keywords = "access control, case study, electronic medical record, medical record confidentiality, privacy protection, privacy regulations",

author = "Jingquan li and Shaw, {Michael J.}",

year = "2008",

month = jul,

doi = "10.4018/jisp.2008070104",

language = "English (US)",

volume = "2",

pages = "45--54",

journal = "International Journal of Information Security and Privacy (IJISP)",

issn = "1930-1650",

publisher = "IGI Global Publishing",

number = "3",

}

TY - JOUR

T1 - Electronic Medical Records, HIPAA, and Patient Privacy

AU - li, Jingquan

AU - Shaw, Michael J.

PY - 2008/7

Y1 - 2008/7

N2 - The continued growth of healthcare information systems (HCIS) promises to improve quality of care, lower costs, and streamline the entire healthcare system. But the resulting dependence on electronic medical records (EMRs) has also kindled patient concern about who has access to sensitive medical records. Healthcare organizations are obliged to protect patient records under HIPAA. The purpose of this study is to develop a formal privacy policy to protect the privacy and security of EMRs. This article describes the impact of EMRs and HIPAA on patient privacy in healthcare. It proposes access control and audit log policies to safeguard patient privacy. To illustrate the best practices in the healthcare industry, this article presents the case of the University of Texas M. D. Anderson Cancer Center. The case demonstrates that it is critical for a healthcare organization to have a privacy policy.

AB - The continued growth of healthcare information systems (HCIS) promises to improve quality of care, lower costs, and streamline the entire healthcare system. But the resulting dependence on electronic medical records (EMRs) has also kindled patient concern about who has access to sensitive medical records. Healthcare organizations are obliged to protect patient records under HIPAA. The purpose of this study is to develop a formal privacy policy to protect the privacy and security of EMRs. This article describes the impact of EMRs and HIPAA on patient privacy in healthcare. It proposes access control and audit log policies to safeguard patient privacy. To illustrate the best practices in the healthcare industry, this article presents the case of the University of Texas M. D. Anderson Cancer Center. The case demonstrates that it is critical for a healthcare organization to have a privacy policy.

KW - access control

KW - case study

KW - electronic medical record

KW - medical record confidentiality

KW - privacy protection

KW - privacy regulations

UR - http://www.scopus.com/inward/record.url?scp=85001875194&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85001875194&partnerID=8YFLogxK

U2 - 10.4018/jisp.2008070104

DO - 10.4018/jisp.2008070104

M3 - Article

AN - SCOPUS:85001875194

SN - 1930-1650

VL - 2

SP - 45

EP - 54

JO - International Journal of Information Security and Privacy (IJISP)

JF - International Journal of Information Security and Privacy (IJISP)

IS - 3

ER -

Electronic Medical Records, HIPAA, and Patient Privacy

Abstract

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this