Access to Patient Information

00:00 Alright, so let's talk a little bit about access to either the written record, you know, what we've historically used or, you know, moving increasingly towards the electronic record.

00:12 So, in institution, however they, you know, handle their records they might have a medical records department.

00:18 They need to ensure that they have the appropriate administrative, technical, and physical safeguards to secure that personal health information.

00:27 And the clinician should be part of that process in doing their own due diligence to protect that personal health information.

00:36 How do you prevent access to records by other people? Well, you know, again it's talking about negligence or sloppiness on the part of the clinician.

00:45 So if it's a written record, you shouldn't leave it in places where other people can easily get access to it and read it.

00:51 So, closing records, locking them in a secure office or store room, ways to prevent easy access by others.

01:01 If it's electronic records, you know, so if you're accessing a portal and you leave that open on a computer screen and the next person might be able to come along and read those records.

01:15 So, again, having a means of either timing out to close the record down once you've left the computer or making sure that you log out so that the next person can't get access to the information.

01:31 And if you're a clinician that accesses information on a laptop or a mobile phone or other devices, really making sure that access to those records is in a secure location that another person is not going to be able to steal the laptop or, you know, take your cellphone or that it's encrypted in some ways so even if it was lost that another person couldn't get access to the patient's information.

01:57 It's also important to note that, you know, there may be times where information needs to be disclosed to other people and the patient needs to give permission for that.

02:07 If that's being done, it should be done so that it's, you know, clearly recorded. This is private information.

02:15 Whoever receives this information should also pay attention to protecting the patient's privacy.

02:22 So, the next person down the line that gets the information should not allow it to go astray and other people get access to it.

02:31 So, if you're faxing it as we used to do in the old days or you're sending it electronically to whatever portal or electronic means, making sure that the next person also protects the privacy.

02:46 There is an increasing movement towards giving patients access to their medical records.

02:51 Something called open notes. So, this is a means of facilitating their healthcare.

02:58 One, they're going to know the information that the clinician has learned. They can verify it.

03:04 Make sure that their information is accurate but it's also going to facilitate them in adhering to the treatments that have been recommended.

03:12 Or they can learn the results of their diagnostic test and then be able to ask, you know, informative questions of the clinician about the meaning of the test results.

03:26 It's important when you're documenting in the medical record as the clinician how you phrase things.

03:33 If you know that patients are having access to it, you're going to be much more diligent about making sure you're phrasing things in a respectful manner.

03:42 So, how the language you use, how you phrase things becomes even more important when other patients have access to it.

03:51 There may be times when you want to prevent patients from having access to it.

03:55 So, even though there's a general sentiment that this is a good thing that patients have access to the records, if the clinician feels that it might be harmful to the patient to read something like, you know, it's a pathology report that's been pending for a week and it shows a diagnosis of cancer if you know that the patient would be sort of devastated by reading this at home alone on their computer, maybe you would restrict the access and make sure that you can deliver the news personally to them so that, again, you can be there as an emotional support to help them process the information.

04:34 It's also possible that you might get secondary information about another person.

04:39 Again, I'm using the example of the spouse that has an affair.

04:45 They have told you this in confidence.

04:47 Now, you know, another person, their spouse is going to get access to the electronic information.

04:54 Maybe you restrict the information so that the spouse doesn't have access to it.

05:01 And we'll talk a little bit later in another lecture about times when an adolescent might share personal information, but may not want a parent to know about that information.

05:12 Beyond just what we document in the record and giving patients access to the record, there may be times when we electronically communicate with patients.

05:21 Whether that's, you know, thru email or text messages, patients need to understand the limits of protecting that information when you're using these messaging functions.

05:33 Whether there's the opportunity to encrypt these messages so that if it is intercepted, it can't be deciphered.

05:40 It may be that you're having message authentication, some sort of user verification, some institutions go to an electronic portal that the patient has to enter username and password and verify their identity in order to get access to the communications with their physician or clinician.

06:03 So, often it's at an institutional level that they will approve certain modes of electronic communication with sharing patient information.

06:15 Another caveat to this movement towards open notes is some patients will want to give access to a loved one.

06:24 So the examples would be the spouse that has, well the patient that has a serious illness wants to give access to their spouse because their spouse is supportive of, you know, helping them in the caregiving role for management of their disease.

06:41 The parent of a minor might be given proxy access for their child's account.

06:49 Or it might be an elderly patient and now their adult children are becoming more responsible for managing the patient's healthcare so the elderly parent, that patient will give their adult child access to their electronic record.

07:06 The question is always going to be for the clinician is what the clinician records in the medical record something that the patient would be okay with the proxy learning.

07:18 So, that's a question of, you know, what are the implications of this information if the proxy were to read it even if it's something in the remote past.

07:29 It's also the case that the proxy might interpret the clinical data without the benefit of physician input.

07:37 So if they're getting access to the diagnostic results, a blood test that had been done or radiology, imaging that's been done, without the ability to sort of interpret it or get the clinicians interpretation of the results, that might set up some, you know, awkward discussions between the proxy and the patient of, you know, the implications of these results.

08:01 So, whether the physician is part of that conversation.