Security and Risks of Confidential Medical Records

Lancet Staff Report

All of us have been treated by one or more medical practitioners in our lifetimes, and have filled out medical release forms. Most of the time, however, we don’t give a great deal of thought to all of the intricacies surrounding the confidentiality of our medical records. As medical providers we do know that this subject is one of the inviolate precepts of the medical profession. It is essential that, if there is concern that a request for records indicates a professional liability claim, a medical claim specialist be notified. This does not suggest that all requests for records bring threats of lawsuits. Attorneys’ requests for records can be for a variety of reasons. Following is a summary of salient points regarding the issue of medical records privacy and the security required to protect those records.

Since 2003, the Health Insurance Portability and Accountability Act (HIPAA) has been the primary safeguard for the privacy of health information. Because medical records are considered confidential, a person should not be able to access another’s information without specific written consent. Every patient has the right to access his or her own personal health records, but with written permission, health care providers can release records to others. Hence the HIPAA release forms patients are now asked to complete upon an initial visit to a provider.
One may ask who can authorize the release of medical records. Generally, only the patient can sign for the release of confidential records. In most cases these additional parties may sign a
release: parents of minor children, a court-appointed legal guardian, or a representative acting with a Healthcare Power of Attorney.

The Privacy Rights Clearinghouse (2010) advises that federal law protects substance abuse records and many states protect HIV/AIDS information and mental health records. It is the intent of these laws to encourage patients inflicted with conditions to seek needed medical treatment, without the fear of disclosure.
All of this being said, there are instances when records can be released without a patient’s consent. Examples of these are: health care workers who have a need for records in order to treat a patient, qualified employees who work with medical record transcription, data processing, or other related functions. If a patient’s medical condition is involved in a lawsuit, retained representatives may have access to related records.

The caution of protecting medical information not only includes paper records, but electronic health records as well. Technology has enabled practitioners to economically consolidate, store, retrieve and share a patient’s entire medical history. The Privacy Rights Clearinghouse reports that George Bush called for a nationwide network of electronic records by 2015.

Technology software has made great strides in securing medical records and reducing exposure for risk, but hardware can produce problems as well. The Lexington Herald-Leader in Lexington, Kentucky, reported that a laptop computer was stolen from an office of the University of Kentucky. The computer contained patient names, dates of birth, diagnoses, mothers’ names and Social Security numbers. Even though the UK Health Care has policies and procedures to protect patient information, the university has a huge risk exposure due to the identity thefts of hundreds of individuals. This issue points out one more threat in the arena of medical risk management that healthcare providers and insurers must face everyday.

If you have questions concerning if the request for records of one of your patients involves a medical liability claim and how much information needs to be delivered, please feel free to call our Lancet customer service representatives toll free at (877) 370-2262. They are there to help you.

Lexington Herald-Leader, August 22, 2010.
Privacy Rights Clearinghouse (rev. 2010), Electronic health records: What are the benefits and dangers? (

Leave a Reply

Your email address will not be published.