HIM Professionals Play Key Role in Helping to Ensure Privacy and Security
The increasing use of patient portals has the potential to provide consumers with a faster and more convenient way to access their personal health information. Portals also present privacy and security challenges for the healthcare industry that health information management (HIM) professionals can help solve.
Finding the right balance of “proper security measures vs. usability” was a key focus of “Managing the Privacy and Security of Patient Portals,” presented by Adam Greene, JD, MPH, a partner at Davis Wright Tremaine LLP. He spoke Monday at the American Health Information Management Association’s (AHIMA) 85th Annual Convention and Exhibit.
“Patient portals are a powerful way for patients to quickly access their health information online,” said AHIMA CEO Lynne Thomas Gordon, RHIA, MBA, CAE, FACHE, FAHIMA. “For portals to realize their potential, it is incumbent on HIM professionals to proactively make sure that patients benefit from the same privacy and security standards they are accustomed to. To facilitate this, HIM professionals should be involved in all aspects of their organizations’ portal strategy as they are the experts who will deal with it daily.”
Added Greene, who formerly worked as a regulator at the U.S. Department of Health and Human Services: “You want each patient to have a strong password but not so strong that they can’t remember it and access their records.”
When an organization installs a patient portal, Greene said that one facility’s experience was that medical record requests increased as patients received greater access to their health information. Areas that pose the greatest privacy challenges include family medicine, women’s health, psychiatry and transplant.
Greene highlighted a number of questions HIM professionals are grappling with, including:
- What is the appropriate level of authentication for an electronic health record (EHR) portal?
- Do patients have the option of asking for higher security through a multifactor authentication?
- How are password resets handled?
Greene urged HIM professionals to make sure their organizations’ EHR portal vendor’s software has been independently tested.