Collecting, storing, and sharing personal health information about patients is a fundamental component of health care. In addition to serving as the information hub to health care providers in treating patients, medical records are frequently used by a host of other health care professionals, such as quality improvement organizations, researchers, and public health officials.
Most consumers want access to their medical records. A national survey documents that 68 percent of Americans believe that “giving people the right to see and make corrections to their own medical records” would be an effective way of promoting privacy and health care.1 In fact, Americans’ interest in accessing their personal medical information has increased over the years. In 2005, 51 percent of Americans tried to access their medical records, up from 45 percent in 1999.2 However, until recently, many people did not have the legal right to see, copy, and amend their health information held by their providers. As of April 2003, the HIPAA Privacy Rule mandates that people have such rights, whether their records are in paper or electronic format.3
Patients’ ability to effectively access their own personal health information could be significantly enhanced with the use of new technologies. Although there are significant concerns about privacy that must be addressed, accessing personal health information electronically could have a positive impact on how patients participate in their own care. Some providers and companies have taken the lead by offering patients electronic access to their medical information. The growing movement towards the development of electronic health record (EHR) systems should include patients as authorized users of their health information for both practical and legal purposes, enabling compliance with the privacy regulation and enhancing a person’s ability to make informed choices about his or her health and the use of his or her information.
While the Privacy Rule allows patient access to both paper and electronic records, the increasing use of technology in health care fosters the potential for streamlining the process of granting patients access to their records. The Privacy Rule provides a floor of protection, whereby individual states can—and have—enforced laws that both provide stronger protections for personal health information and allow patients easier access to their medical records.