{"id":2500,"date":"2011-12-12T10:24:49","date_gmt":"2011-12-12T15:24:49","guid":{"rendered":"http:\/\/www.healthit.gov\/buzz-blog\/?p=2500"},"modified":"2025-07-16T16:12:23","modified_gmt":"2025-07-16T16:12:23","slug":"privacy-security-electronic-health-records","status":"publish","type":"post","link":"https:\/\/healthit.gov\/blog\/privacy-and-security\/privacy-security-electronic-health-records\/","title":{"rendered":"Privacy, Security, and Electronic Health Records"},"content":{"rendered":"\n

Health care is changing and so are the tools used to coordinate better care for patients like you and me. During your most recent visit to the doctor, you may have noticed your physician entering notes on a computer or laptop into an electronic health record (EHR). With EHRs comes the opportunity for patients to receive improved coordinated care from providers and easier access to their health information. It\u2019s a way to make it easier for everyone to be better informed and more involved in the patient\u2019s health care. However for many of us, EHRs also come with questions and concerns about the privacy and security of our health information. Who can access the information on my EHR? How can I see the information in my record and make sure it\u2019s correct? How is it protected from loss, theft and hacking? What should I do if I think my information has been compromised?<\/p>\n\n\n\n

Many of you have heard of HIPAA– the Health Insurance Portability and Accountability Act. The HHS Office for Civil Rights (OCR) enforces the HIPAA Privacy and Security Rules, which help keep entities covered under HIPAA<\/a> accountable for the privacy and security of patients\u2019 health information. As a former health care lawyer, I know that many health care providers understand and abide by their obligations under the Privacy and Security Rules. Although EHRs allow providers to use information more effectively to improve the quality and efficiency of your care, they do not change the obligations providers have to keep your protected health information private and secure.<\/p>\n\n\n\n

Following my recent appointment as OCR\u2019s Director, I had a number of conversations that made it apparent to me that many patients recognize some of the health privacy jargon such as \u201cHIPAA\u201d or \u201cthe Notice of Privacy Practices,\u201d but often do not know their rights under the HIPAA Privacy and Security Rules  — especially in terms of how these rules relate to EHRs.<\/p>\n\n\n\n

The HIPAA Privacy Rule gives you rights over your own health information, regardless of its form. Whether your record is in paper or electronic form, under the Privacy Rule you have the right:<\/p>\n\n\n\n