P6
Related Practice Areas
- The Markle Common Framework: Overview and Principles
- P1: The Architecture for Privacy in a Networked Health Environment
- P2: Model Privacy Policies and Procedures for Health Information Exchange
- P5: Authentication of System Users
- P9: A Common Framework for Networked Personal Health Information
- CT2: Authentication of Consumers
Additional Resources
- Policies in Practice: Individual Access
- Policies in Practice: The Download Capability
- Policies in Practice: Key Laws and Regulations
- Frequently Asked Questions
- Acknowledgements
Download P6: Patients' Access to Their Own Health Information
Collecting, storing, and sharing personal health information about patients is a fundamental component of health care. In addition to serving as the information hub to health care providers in treating patients, medical records are frequently used by a host of other health care professionals, such as quality improvement organizations, researchers, and public health officials.
Patients have a vital interest in accessing sensitive information about their own health care. A central principle of privacy policy is to provide people with access to their own information, so that they may make informed choices about who should get their information, under what circumstances, and be made aware of errors that the records may contain. Access to their own medical records can also empower consumers to become more engaged participants in their own health care.
Most consumers want access to their medical records. A national survey documents that 68 percent of Americans believe that “giving people the right to see and make corrections to their own medical records” would be an effective way of promoting privacy and health care.1 In fact, Americans’ interest in accessing their personal medical information has increased over the years. In 2005, 51 percent of Americans tried to access their medical records, up from 45 percent in 1999.2 However, until recently, many people did not have the legal right to see, copy, and amend their health information held by their providers. As of April 2003, the HIPAA Privacy Rule mandates that people have such rights, whether their records are in paper or electronic format.3
Patients’ ability to effectively access their own personal health information could be significantly enhanced with the use of new technologies. Although there are significant concerns about privacy that must be addressed, accessing personal health information electronically could have a positive impact on how patients participate in their own care. Some providers and companies have taken the lead by offering patients electronic access to their medical information. The growing movement towards the development of electronic health record (EHR) systems should include patients as authorized users of their health information for both practical and legal purposes, enabling compliance with the privacy regulation and enhancing a person’s ability to make informed choices about his or her health and the use of his or her information.
While the Privacy Rule allows patient access to both paper and electronic records, the increasing use of technology in health care fosters the potential for streamlining the process of granting patients access to their records. The Privacy Rule provides a floor of protection, whereby individual states can—and have—enforced laws that both provide stronger protections for personal health information and allow patients easier access to their medical records.