Feasibility of ensuring confidentiality and security of computer-based patient records. Council on Scientific Affairs, American Medical Association

Abstract

Legal and ethical precepts that apply to paper-based medical records, including requirements that patient records be kept confidential, accurate and legible, secure, and free from unauthorized access, should also apply to computer-based patient records. Sources of these precepts include federal regulations, state medical practice acts, licensing statutes and the regulations that implement them, accreditation standards, and professional codes of ethics. While the legal and ethical principles may not change, the risks to confidentiality and security of patient records appear to differ between paper- and computer-based records. Breaches of system security, the potential for faulty performance that may result in inaccessibility or loss of records, the increased technical ability to collect, store, and retrieve large quantities of data, and the ability to access records from multiple and (sometimes) remote locations are among the risk factors unique to computer-based record systems. Managing these risks will require a combination of reliable technological measures, appropriate institutional policies and governmental regulations, and adequate penalties to serve as a dependable deterrent against the infringement of these precepts.