Functional Requirement: 2a
Citation "Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 142
Extract A. Stringent security procedures for entry into the immediate environment in which the
computerized medical data base is stored and/or processed or for otherwise having access to confidential
information should be developed and strictly enforced so as to prevent access to the computer facility by
unauthorized personnel.
Functional Requirement: 10
Citation "Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 142
Extract D. Upon termination of computer service bureau services for a physician, those computer files
maintained for the physician should be physically turned over to the physician, or destroyed (erased). In
the event of file erasure, the computer service bureau should verify in writing to the physician that the
erasure has taken place.
Functional Requirement: 13
Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 56
Extract [Medical] providers may release records to persons doing research or maintaining health statistics,
provided the department established rules for the conduct of such research to ensures the anonymity of
the patient. Arizona Revised Statutes 36-509 (A).
Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 57
Extract Under Arkansas Code Annotated 20-9-304, all information, interviews, reports, statements,
memoranda, or other data of the State Board of Health, Arkansas Medical Society, allied medical
societies, or in-hospital staff committees of licensed hospitals, are strictly confidential. Such information
is only for medical research. This provision does not apply to the original medical records of patients
used in the course of medical studies for the purpose of reducing morbidity or mortality. Any authorized
person, hospital, sanitarium, nursing home, rest home or other organization may provide such
information relating to the condition and treatment of any person to the entities listed above for use in
the course of studies for the purpose of reducing morbidity or mortality without incurring liability for
damages or other relief. In any event, however, the patient's identity is confidential, and no researcher
may release it under any circumstances.
Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 57
Extract California's Confidentiality of Medical Information Act, California Civil Code 56.10, confirms
patient's rights to privacy in their medical records by governing the release of patient-identifiable
information by health care providers. The Health and Safety Code 1795.12 provides for patient or
patient representative access upon request and payment of reasonable clerical costs. Violation of this
section may result in disciplinary action by the licensing authority.
Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 58
Extract California Health & Safety Code 199.21 provides for both civil and criminal liability for
wrongful disclosure of AIDS test results.
Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 59
Extract [California] Section 199.30 provides for confidentiality of research records of AIDS patients. Id.
199.32 states that audit personnel must protect such records in the course of conducting financial audits
or program evaluations, and audit personnel shall not directly or indirectly identify any individual
research subject in any report of a financial audit or program evaluations.
Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 60
Extract Colorado Revised Statutes 25-1-120 specifies that among the rights of patients of nursing and
intermediate care facilities is the right to have privacy in treatment including confidentiality in the
handling of personal and medical records.
Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 61
Extract Connecticut General Statute 19a-550, titled "Patient's Bill of Rights," provides for patients' rights
to confidentiality generally. Section 19a-550 provides that a nursing home or chronic disease hospital
must assure any patient confidential treatment of the patient's personal and medical records and may
approve or refuse their release to anyone outside the facility, except in case of the patient's transfer to
another health care institution or as required by law or third-party payment contract.
Citation American Medical Association Confidentiality Statement
Extract Confidentiality: Computers. The utmost effort and care must be taken to protect the confidentiality
of all medical records. This ethical principle applies to computerized medical records as it applies to any
other medical records. The confidentiality of physician-patient communications is desirable to assure
free and open disclosure by the patient to the physician of all information needed to establish a proper
diagnosis and attain the most desirable clinical outcome possible. Protecting the confidentiality of the
personal and medical information in such medical records is also necessary to prevent humiliation,
embarrassment, or discomfort of patients. At the same time, patients may have a legitimate desire to
have medical information concerning their care and treatment forwarded to others. Both the protection
of confidentiality and the appropriate release of information in records is the rightful expectation of the
patient. A physician should respect the patient's expectations of confidentiality concerning medical
records that involve the patient's care and treatment, but the physician should also respect the patient's
authorization to provide information from the medical record to those whom the patient authorizes to
inspect all or part of it for legitimate purposes.
Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 53
Extract Alaska's constitution sets forth the right to privacy. In Gunnerud v. State, 611 P.2d 69 (Alaska
1980), the court held that granting access to the private medical records of a witness would be an
unwarranted infringement of the privacy of the witness unless the material was relevant.
Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 53
Extract Alaska law states that patients have the right to confidentiality of their medical records and
treatments. Alaska Administrative Code title 7 12.890 (a).
Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 54
Extract [Medical] providers may release patient records and information without consent for research
projects authorized by the governing board if they preserve anonymity in the reported results. Alaska
Administrative Code title 7, 13.130 (b)(3).
Last Modified: 7/3/96 [kjb]
Additional Warrant by Professions:
Lawyers |
Auditors |
Records Managers |
Information Technologists |
Managers
MAIN MENU |
Functional Requirements |
Production Rules |
Metadata Specifications |
Glossary
|