record systems an even more tempting target than paper records. As the medical information included in patient records becomes more sophisticated (e.g., genetic information), this temptation will only increase.

Mass disclosure of patient information could result in catastrophic liability for a provider; it could also result in licensure sanctions or statutory penalties. Theories under which providers may be held liable for breaches of confidentiality include both statutory and common-law theories. Common-law theories under which providers may be held liable for breaches of confidentiality include invasion of privacy, betrayal of professional secrets, breach of contract, slander, and negligent or intentional infliction of emotional distress. Statutes such as the federal statute concerning confidentiality of drug and alcohol abuse patient records provide penalties for breaches.

Security mechanisms and procedures can provide some level of protection to computer-based patient records against unauthorized access by users both inside and outside a provider organization. Yet even the most sophisticated security measures will not provide fail-safe protection of patient records, particularly in decentralized systems. In fact, one of the biggest threats to the security of computer-based patient records comes from the trend toward networked systems. Security measures that are both adequate and affordable and that do not interfere with efficient patient care currently do not exist for such systems.

A computer-based patient record system should include a security system that, as far as is practicable, permits only authorized users to access patient records and permits authorized users to access only those portions of the records that are relevant to their particular functions. The system should also ensure that access to each record is tracked by the system and monitored as a deterrent to unauthorized review of records. Access to sensitive records or portions of records should be sharply limited; this kind of access should also be tracked by the system and carefully monitored by the provider. Such records include HIV-antibody test results, records of drug and alcohol abuse patients, psychiatric records, and records of celebrity patients. With AIDS patients, the main and more easily accessible portion of the record can include a notation to use body fluid precautions without identifying the patient as having AIDS, hepatitis, or some other disease transmissible by body fluids. HIV-antibody test results can either be omitted from the automated system or stored in a restricted portion of the record. To the extent that sensitive records are not stored on the system, however, the advantages of a totally automated system cannot be realized.

A provider with a computer-based patient record system that uses passwords, access codes, and key cards should have and strictly enforce policies against disclosing or sharing such means of access. Alternatively, a provider could use a system that identifies users biometrically through voice-prints,



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement