It is important to be aware that private EHR's that are not part of a provider’s electronic health record are not considered to be legal records, and therefore, are not HIPAA covered entities.
The Health Insurance Portability and Accountability Act (HIPAA):
Covers medical information in any format-written, spoken, or electronic
Allows patient to view, request changes to, and obtain copies of health information documents
Provides protections regarding how your information can be used
Under HIPAA, you likely received a Notice of Privacy Practices when you visited a new healthcare provider or pharmacy. You would have been asked to sign a statement saying you’ve been given the notice. This Notice details your privacy rights, how your information is used and disclosed, and explains who will have access to your information.
Your Rights Under HIPAA:
Right to access, inspect, and copy health information
Right to request correction or amend health information
Right to request accounting of disclosures of health information-who has received it
Check out the AHIMA Consumer Health Information Bill of Rights
Who Owns your Health Information?
Your physical health record belongs to your healthcare provider, but the information in it belongs to you! Understanding what is in your health record helps you:
Make sure it’s correct and complete
Know what is being released when you authorize disclosure of information to others
Provide an accurate health history to all healthcare providers who treat you
Who else has access to your health information?
The law says that anyone can see your health record that needs it in order to provide your treatment, to facilitate payment for healthcare services, and to make sure quality care is being received. Most healthcare organizations have quality assurance departments. People in these departments review patient information in order to monitor and improve the quality of care you receive. Your information may also be used for research and as a legal document in cases where evidence of care is needed. For the most part, anyone who wants to use it for any other purpose needs your permission first.
Hospitals can share information with family members without your authorization if you are unable to consent and a family member (such as spouse, parent, or child) is involved in providing your care. For example, your spouse or child may be involved in caring for you following a hospital stay (by helping you in and out of bed, to bathe, changing bandages, and similar activities). You can simplify things at the time you are admitted to the hospital (or nursing home) by specifying which family member you want to receive information about you.
For more informtion: firstname.lastname@example.org