Alright, so let's talk a little bit about access to either the
written record, you know, what we've historically used or,
you know, moving increasingly
towards the electronic record.
So, in institution, however they, you know, handle their
records they might have a medical records department.
They need to ensure that they have the appropriate administrative, technical,
and physical safeguards to secure that personal health information.
And the clinician should be part of that process in doing their
own due diligence to protect that personal health information.
How do you prevent access
to records by other people?
Well, you know, again it's talking about negligence
or sloppiness on the part of the clinician.
So if it's a written record, you shouldn't leave it in places
where other people can easily get access to it and read it.
So, closing records, locking them in a secure office
or store room, ways to prevent easy access by others.
If it's electronic records, you know, so if you're accessing
a portal and you leave that open on a computer screen
and the next person might be able to
come along and read those records.
So, again, having a means of either timing out to
close the record down once you've left the computer
or making sure that you log out so that the next
person can't get access to the information.
And if you're a clinician that accesses information
on a laptop or a mobile phone or other devices,
really making sure that access to those records is in a secure location
that another person is not going to be able to steal the laptop or,
you know, take your cellphone or that it's encrypted in some ways so even if it
was lost that another person couldn't get access to the patient's information.
It's also important to note that, you know,
there may be times where information
needs to be disclosed to other people and the
patient needs to give permission for that.
If that's being done, it should be done so that it's, you
know, clearly recorded. This is private information.
Whoever receives this information should also pay
attention to protecting the patient's privacy.
So, the next person down the line that gets the information should
not allow it to go astray and other people get access to it.
So, if you're faxing it as we used to do in the
old days or you're sending it electronically
to whatever portal or electronic means, making sure
that the next person also protects the privacy.
There is an increasing movement towards
giving patients access to their medical records.
Something called open notes. So, this is a
means of facilitating their healthcare.
One, they're going to know the information that
the clinician has learned. They can verify it.
Make sure that their information is accurate but it's also going to
facilitate them in adhering to the treatments that have been recommended.
Or they can learn the results of their diagnostic
test and then be able to ask, you know,
informative questions of the clinician
about the meaning of the test results.
It's important when you're documenting in the medical
record as the clinician how you phrase things.
If you know that patients are having access
to it, you're going to be much more diligent
about making sure you're phrasing
things in a respectful manner.
So, how the language you use, how you phrase things becomes
even more important when other patients have access to it.
There may be times when you want to prevent
patients from having access to it.
So, even though there's a general sentiment that this is
a good thing that patients have access to the records,
if the clinician feels that it might be harmful
to the patient to read something like,
you know, it's a pathology report that's been pending
for a week and it shows a diagnosis of cancer
if you know that the patient would be sort of devastated
by reading this at home alone on their computer,
maybe you would restrict the access and make sure that you
can deliver the news personally to them so that, again,
you can be there as an emotional support
to help them process the information.
It's also possible that you might get
secondary information about another person.
Again, I'm using the example of
the spouse that has an affair.
They have told you
this in confidence.
Now, you know, another person, their spouse is
going to get access to the electronic information.
Maybe you restrict the information so that
the spouse doesn't have access to it.
And we'll talk a little bit later in another lecture about
times when an adolescent might share personal information,
but may not want a parent to
know about that information.
Beyond just what we document in the
record and giving patients access to the record,
there may be times when we electronically
communicate with patients.
Whether that's, you know,
thru email or text messages,
patients need to understand the limits of protecting that
information when you're using these messaging functions.
Whether there's the opportunity to encrypt these messages
so that if it is intercepted, it can't be deciphered.
It may be that you're having message
authentication, some sort of user verification,
some institutions go to an electronic portal that
the patient has to enter username and password
and verify their identity in order to get access to
the communications with their physician or clinician.
So, often it's at an institutional level that they will approve certain
modes of electronic communication with sharing patient information.
Another caveat to this movement towards open notes is
some patients will want to give access to a loved one.
So the examples would be the spouse that has, well the patient
that has a serious illness wants to give access to their spouse
because their spouse is supportive of, you know, helping
them in the caregiving role for management of their disease.
The parent of a minor might be given
proxy access for their child's account.
Or it might be an elderly patient and now their adult children are
becoming more responsible for managing the patient's healthcare
so the elderly parent, that patient will give their
adult child access to their electronic record.
The question is always going to be for the clinician is what the clinician records in
the medical record something that the patient would be okay with the proxy learning.
So, that's a question of, you know, what
are the implications of this information
if the proxy were to read it even if
it's something in the remote past.
It's also the case that the proxy might interpret the
clinical data without the benefit of physician input.
So if they're getting access to the diagnostic results, a blood
test that had been done or radiology, imaging that's been done,
without the ability to sort of interpret it or get the clinicians
interpretation of the results, that might set up some,
you know, awkward discussions between the proxy and the
patient of, you know, the implications of these results.
So, whether the physician is
part of that conversation.