Is a Personal Health Record Right for You? Considerations for Californians


CONSUMER INFORMATION SHEET 13 September 2012

This information is meant to give you an overall picture of Personal Health Records (PHRs) to help you decide if using one is right for you and your family. Only you can decide if a PHR is a tool you're interested in using and if so, which PHR provider best fits your needs.

Efforts are underway on the state and national levels to create a system of electronic health records that all of your healthcare providers can easily access. As plans for such a system move along, the Personal Health Record marketplace continues to change. This Consumer Information Sheet provides some basic information for you to consider before signing up for a PHR.

What is a Personal Health Record?

Your health information is currently stored by many different healthcare providers in many different locations. Your physician, dentist, optometrist, and other healthcare specialists all keep separate records. A Personal Health Record is an Internet-based application that allows you to gather, store, manage, and in some cases share, information about your health or the health of someone in your care. Your health information is stored where you can reach it on a Web site. You can usually access the site by using a user name and password.

Some insurers, HMOs or medical provider groups offer PHRs for their members, and certain Internet companies sell PHR services for anyone to use. The cost of using an Internet PHR provider varies. Some companies require a one-time-only fee, others charge an ongoing fee, and still others provide the service for free. The free services may be supported by advertising revenues.

PHR providers also have different ways to transfer your health information from where it is stored now to your electronic PHR. Some PHR providers have formed partnerships with hospitals, pharmacies and labs that let you import your medical records from your healthcare providers. Other PHR providers require you to get your health records and type the information into your electronic PHR.

What are the advantages of having a Personal Health Record?

A potential benefit of having a PHR is to gain a broad view of your health by having all of your information available in one central place. A PHR can allow you to access your health information to prepare for medical appointments. It can also enable you to communicate better with your healthcare providers about your medical needs.

People with chronic health conditions may use a PHR to keep track of such things as how their medications are affecting them, or how they're feeling from day to day. Diabetics, for example, might use a PHR to record their glucose levels. People with hypertension might want to use it to track their blood pressure readings. You might wish to add other health-related information to your PHR, such as your diet and exercise routines. You might use your PHR as a log to chart your progress towards your health and wellness goals.

Personal Health Records may help you care for a family member or friend who needs assistance tracking and managing their health information due to age or illness. If you want to manage a PHR for someone else, you will have to get written authorization from the person you are caring for addressed to each of his or her healthcare providers. The authorization should say that the patient gives permission for the provider to release to the patient's caregiver all of the records and information about the patient's care and treatment.

How do I create a Personal Health Record?

You will need to request a copy of your records from each of your healthcare providers. To do so, you must complete an authorization for the release of information form for each provider. Request the form from your provider. Be aware that by law, a medical facility is allowed up to 60 days to provide you with a copy of your medical records, and most facilities charge for copies.

Information you may want to include in your Personal Health Record includes a list of illnesses and surgeries, medications and dosages, allergies, immunization records, eye and dental records, and lab reports.

Practice good computer hygiene.

Most people feel that information about their health is some of their most private information, and they want to be certain it's kept secure. Before you begin using a Personal Health Record, you should be sure that you are practicing good computer hygiene. As with anything you do online, taking appropriate precautions will protect both your computer and your sensitive information. You can help lower your risk when you are online by installing a network firewall, using anti-spyware and anti-virus software and keeping all these protections up-to-date. Choose strong passwords that are hard to guess. To read more about computer security, see our Consumer Information Sheet 12: Protect Your Computer from Viruses, Hackers, and Spies.

What questions should I ask before signing up?

If you decide that a Personal Health Record may be beneficial to you or someone in your care, you should thoroughly research the PHR providers you are considering. Here are some basic steps you should take and questions you should ask before you register for a PHR service.

Before you sign up with a PHR provider, carefully read the company's privacy policy and terms of use statements. For a more comprehensive guide to privacy policies, see our Consumer Information Sheet 6: How to Read a Privacy Policy. The privacy policy (perhaps along with the terms of use statement) should address all of the following questions. Contact the PHR provider if you want additional information. Be sure you are satisfied with the answers before you make your health information available to a PHR provider.

Who will have access to my personal health information? What control will I have over the sharing of my information?

The policy should describe any sharing of your personal information with third parties. Many PHR providers offer health management tools they may call services, programs, vendors or partners.
The policy should describe any financial or other business relationships with such services offered on the PHR site. These tools, whether they are designed to track specific health data or to give you detailed information about a medical condition, are provided by other companies. You may need to allow them access to your PHR to use them. It's important to note that such tools are probably not covered by the privacy policy of the PHR provider. You should review the privacy policy and terms of use of the company whose tool you're interested in using. A good rule to follow is that whenever you leave the PHR provider's Web site to visit a separate Web site, you should check that Web site's privacy policy and terms of use.

Also look for a discussion of the sharing of de-identified or aggregated information with third parties. For example, this may be done for research purposes. Would the provider ask for your approval before such sharing? Some have expressed concerns about the possible ability of researchers and others to re-identify data that had been de-identified. [i]

How can I authorize others to have access to my PHR? Can I revoke the authorization later?

Some PHR providers allow you to authorize others to access your Record. You may have the option to share your PHR with family or healthcare professionals. Can you limit authorizations to view your PHR? For example, if you allow your dentist to view your PHR, would he or she only be able to see your dental record? Or would your dentist be allowed to see all of your medical records? Look for information on how you would grant and revoke such authorizations.

How can I find out who has accessed or used my personal information?

The policy should describe how you can learn who accesses your PHR. A PHR provider may notify you by email whenever someone accesses your information. Or you might be able to view an audit trail of access in your PHR itself. In addition, you might be able to receive a history of access to the information on a monthly or other basis.

Will I be able to remove my information from the system if I want to?

How long after you have requested to delete information will it be deleted? Will the information be permanently removed from the provider's servers?

What security measures are used to protect my information?

Remember that security is an important element of privacy. Basic security protections include requiring a password for access to your PHR, encryption of communications (perhaps excepting email), and control of access to the PHR provider's servers.
How can I ask questions or report concerns about my personal health record?

Look for information on how to contact customer service and/or the PHR provider's privacy officer by email and by another means (fax or telephone). How quickly will a response be provided?

PHRs and the Law

Some PHR providers, such as health care providers and health insurers, are subject to the federal health information privacy law, HIPAA. [ii] It is recommended that PHRs meet privacy requirements at least equal to those in HIPAA, and recent amendments extended many HIPAA requirements to vendors of personal health records and other entities that offer products or services through PHR sites. [iii] In addition, California's medical privacy law applies to PHR providers. [iv] See our Consumer Information Sheet 7: Your Patient Privacy Rights: A Consumer Guide to Health Information Privacy in California.

Offline Alternatives

Many of the benefits of having a compilation of your medical history can be enjoyed without posting the records online. The American Health Information Management Association offers suggestions on creating your own offline personal health record. The records can be stored on your own computer, on a USB or flash drive, or in a folder or binder. You can find information on their MyPHR site listed below.

The Federal Drug Administration provides My Medicine Record, forms for keeping track of your medicines. You can find the forms, along with a video that explains how to use them, on the FDA web site listed below.

For Additional Information on PHRs

American Health Information Management Association, www.myphr.com
Federal Drug Administration, www.fda.gov/drugs/resourcesforyou/ucm079489.htm
Patient Privacy Rights, www.patientprivacyrights.org
World Privacy Forum, www.worldprivacyforum.org

This fact sheet is for informational purposes and should not be construed as legal advice or as policy of the State of California. If you want advice on a particular case, you should consult an attorney or other expert. The fact sheet may be copied, if (1) the meaning of the copied text is not changed or misrepresented, (2) credit is given to the California Department of Justice, and (3) all copies are distributed free of charge.

NOTES

[i] See PHR FAQs on the Patient Privacy Rights web site at www.patientprivacyrights.org.

[ii] Health Insurance Portability and Accountability Act of 1996 (HIPAA) - 45 CFR Parts 160 and 164, Standards for Privacy of Individually Identifiable Health Information and Security Standards for the Protection of Electronic Protected Health Information. For more on HIPAA, see the World Privacy Forum's A Patient's Guide to HIPAA, available at www.worldprivacyforum.org.

[iii] The HITECH Act of 2009, part of the American Recovery and Reinvestment Act, extended many HIPAA provisions to personal health records maintained by entities not previously covered by HIPAA (42 U.S.C.A 17938). For recommendations on HIPAA and PHRs, see Review of the Personal Health Record Service Provider Market: Privacy and Security, Altarum, January 5, 2007, available at www.patientprivacyrights.org.

[iv] See the Confidentiality of Medical Information Act, California Civil Code section 56.06.