. "Appendix B: Legal Aspects of Computer-Based Patient Records and Record Systems." The Computer-Based Patient Record: An Essential Technology for Health Care, Revised Edition. Washington, DC: The National Academies Press, 1997.
The following HTML text is provided to enhance online
readability. Many aspects of typography translate only awkwardly to HTML.
Please use the page image
as the authoritative form to ensure accuracy.
Hospital Accreditation Requirements
Technically, the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) is a voluntary organization, and JCAHO accreditation is voluntary. JCAHO accreditation standards, however, are incorporated in some state hospital licensure laws, at least in part,28 and a hospital is deemed to meet certain Medicare conditions of participation if it holds JCAHO accreditation.29
Although JCAHO accreditation standards do not explicitly address required media for record keeping and storage, they assume that a hospital may participate in an automated medical record data processing system. JCAHO standards permit authentication of medical records by computer key.
The JCAHO requires that all medical records be accurate, accessible, authenticated, organized, confidential, secure, current, legible, and complete.30 A computer-based medical record system can meet JCAHO standards if the system is properly designed and maintained and if medical records are otherwise properly completed.
Patient Rights Issues
Right of Privacy
The Federal Privacy Act and similar acts in many states provide assurance that patient records held by the federal government and governments of states that have enacted privacy legislation will not be disclosed to third parties without the patient's consent, except under defined circumstances.31 However, privacy of patient records in other states and in the private sector is governed by a crazy quilt of statutory, regulatory, and common-law rules and is often inadequately protected. 32
Growing demands for information contained in patient records pose an ever-increasing threat to patient privacy. Such demands come not only
See, e.g., the following regulations, which incorporate JCAHO standards for medical records into state hospital licensure requirements: N.H. Code of Admin. Rules, Part He-P802 (1986); R.I. Rules and Regulations for Licensing of Hospitals §25.7; Rules and Regs. for the Licensure of Hospitals in Virginia §208.5 (1982).
42 U.S.C. §1395bb.
Joint Commission on Accreditation of Healthcare Organizations, "Medical Record Services (MR)," Accreditation Manual for Hospitals (Chicago: 1990).
5 U.S.C. §552a.
The threats to patient privacy posed by increased use of computers for health records were detailed by Alan F. Westin in Computers, Health Records and Citizen Rights (Washington, D.C: U.S. Government Printing Office, 1976).