and should outline the policies and procedures in place to protect patient privacy. In addition, the forms should explicitly list the types of organizations to which identifiable or de-identified information is commonly released (e.g., insurers, researchers, and managed care companies). The forms should authorize the organization to release the specified information for a limited period only, after which the organization must obtain a new authorization from the patient. The forms should be written in language that the patient population can readily understand.

Patient Access to Audit Logs. Health care providers should give patients the right to request an audit of all accesses to their electronic medical records and to review the resulting logs. As with access to patient records, providers may require that the audit log be reviewed in the presence of a provider employee who can explain the reasons for legitimate accesses. This practice not only enables patients to verify that their privacy has not been violated but also helps educate patients about how health data flow and may foster a more trusting relationship between patients and providers.

Security Practices for Future Implementation

The practices listed above are intended for immediate implementation in order to provide health care organizations with a minimally sufficient level of security in the current environment. Over the next several years, the security environment will change significantly as health care organizations move more health information on-line and transfer more information electronically between users. To prepare for this environment and maintain adequate privacy and security, practices will have to evolve, and health care organizations will need to continue to invest in security technology.

The practices outlined below are intended to help the health care industry prepare for the future. In large part, the ability of health care organizations to implement the technical practices recommended below will depend on the general availability of the relevant technology. In some cases, availability will follow from demand in markets beyond health care (i.e., the general business market). In other cases, products will become available only if health care organizations themselves demand them. In either event, health care organizations should start planning now to implement these practices in the future, and should begin working with vendors to define the requirements of future health information systems so that those systems are available when needed.
