from peer review bodies, third-party payers (both governmental and non-governmental), outside billing and computer services, and government, but from employers, insurers, and others who use health care information for non-health care purposes.
When information from patient records is disclosed by a provider—whether with or without the patient's consent—it is extremely difficult to control redisclosure of the information effectively, even though confidentiality agreements and notices are still advisable. Furthermore, when patient records are computerized, they can easily be transmitted across state lines, limiting the ability of any one state to protect the privacy of its citizens.
To the extent that patients and providers are aware that computer-based patient records increase the threat to patient privacy, they may be unwilling to provide or record complete information in the patient record, particularly with regard to sensitive matters, such as abortions, AIDS (acquired immune deficiency syndrome), psychiatric problems, and drug or alcohol abuse. Thus, the lack of adequate, uniform, national protection of patient privacy with respect to patient records may hinder full development of computer-based patient record systems.
Most states expressly allow a patient or a patient's authorized representative to inspect and copy the patient's hospital records.35 Rights of access to health records maintained by physicians and other individual health care providers may not always be clear.
Before records become available, the person seeking access typically must request such access in writing from the provider and pay reasonable clerical costs. A few states grant patients the right to review their hospital records only after discharge.36
Many states permit providers to refuse to grant a patient's request for disclosure where psychiatric records are involved and where release of the information would be detrimental to the patient's mental health or general