Functional Requirements for Evidence in Recordkeeping: The Pittsburgh Project

This site was recovered in 2002 (using the Wayback Machine)
following its disappearance from the Web site of the University of Pittsburgh.
Unfortunately, not all pages were retrievable.


Warrant Taken from MEDICAL Literature



Functional Requirement: 2a
Citation "Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes, Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner & Gray 1994-95)
Pages 142
Extract A. Stringent security procedures for entry into the immediate environment in which the computerized medical data base is stored and/or processed or for otherwise having access to confidential information should be developed and strictly enforced so as to prevent access to the computer facility by unauthorized personnel.


Functional Requirement: 10
Citation "Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes, Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner & Gray 1994-95)
Pages 142
Extract D. Upon termination of computer service bureau services for a physician, those computer files maintained for the physician should be physically turned over to the physician, or destroyed (erased). In the event of file erasure, the computer service bureau should verify in writing to the physician that the erasure has taken place.


Functional Requirement: 13
Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes, Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner & Gray 1994-95)
Pages 56
Extract [Medical] providers may release records to persons doing research or maintaining health statistics, provided the department established rules for the conduct of such research to ensures the anonymity of the patient. Arizona Revised Statutes 36-509 (A).

Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes, Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner & Gray 1994-95)
Pages 57
Extract Under Arkansas Code Annotated 20-9-304, all information, interviews, reports, statements, memoranda, or other data of the State Board of Health, Arkansas Medical Society, allied medical societies, or in-hospital staff committees of licensed hospitals, are strictly confidential. Such information is only for medical research. This provision does not apply to the original medical records of patients used in the course of medical studies for the purpose of reducing morbidity or mortality. Any authorized person, hospital, sanitarium, nursing home, rest home or other organization may provide such information relating to the condition and treatment of any person to the entities listed above for use in the course of studies for the purpose of reducing morbidity or mortality without incurring liability for damages or other relief. In any event, however, the patient's identity is confidential, and no researcher may release it under any circumstances.

Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes, Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner & Gray 1994-95)
Pages 57
Extract California's Confidentiality of Medical Information Act, California Civil Code 56.10, confirms patient's rights to privacy in their medical records by governing the release of patient-identifiable information by health care providers. The Health and Safety Code 1795.12 provides for patient or patient representative access upon request and payment of reasonable clerical costs. Violation of this section may result in disciplinary action by the licensing authority.

Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes, Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner & Gray 1994-95)
Pages 58
Extract California Health & Safety Code 199.21 provides for both civil and criminal liability for wrongful disclosure of AIDS test results.

Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes, Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner & Gray 1994-95)
Pages 59
Extract [California] Section 199.30 provides for confidentiality of research records of AIDS patients. Id. 199.32 states that audit personnel must protect such records in the course of conducting financial audits or program evaluations, and audit personnel shall not directly or indirectly identify any individual research subject in any report of a financial audit or program evaluations.

Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes, Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner & Gray 1994-95)
Pages 60
Extract Colorado Revised Statutes 25-1-120 specifies that among the rights of patients of nursing and intermediate care facilities is the right to have privacy in treatment including confidentiality in the handling of personal and medical records.

Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes, Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner & Gray 1994-95)
Pages 61
Extract Connecticut General Statute 19a-550, titled "Patient's Bill of Rights," provides for patients' rights to confidentiality generally. Section 19a-550 provides that a nursing home or chronic disease hospital must assure any patient confidential treatment of the patient's personal and medical records and may approve or refuse their release to anyone outside the facility, except in case of the patient's transfer to another health care institution or as required by law or third-party payment contract.

Citation American Medical Association Confidentiality Statement
Extract Confidentiality: Computers. The utmost effort and care must be taken to protect the confidentiality of all medical records. This ethical principle applies to computerized medical records as it applies to any other medical records. The confidentiality of physician-patient communications is desirable to assure free and open disclosure by the patient to the physician of all information needed to establish a proper diagnosis and attain the most desirable clinical outcome possible. Protecting the confidentiality of the personal and medical information in such medical records is also necessary to prevent humiliation, embarrassment, or discomfort of patients. At the same time, patients may have a legitimate desire to have medical information concerning their care and treatment forwarded to others. Both the protection of confidentiality and the appropriate release of information in records is the rightful expectation of the patient. A physician should respect the patient's expectations of confidentiality concerning medical records that involve the patient's care and treatment, but the physician should also respect the patient's authorization to provide information from the medical record to those whom the patient authorizes to inspect all or part of it for legitimate purposes.

Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes, Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner & Gray 1994-95)
Pages 53
Extract Alaska's constitution sets forth the right to privacy. In Gunnerud v. State, 611 P.2d 69 (Alaska 1980), the court held that granting access to the private medical records of a witness would be an unwarranted infringement of the privacy of the witness unless the material was relevant.

Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes, Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner & Gray 1994-95)
Pages 53
Extract Alaska law states that patients have the right to confidentiality of their medical records and treatments. Alaska Administrative Code title 7 12.890 (a).

Citation Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes, Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner & Gray 1994-95)
Pages 54
Extract [Medical] providers may release patient records and information without consent for research projects authorized by the governing board if they preserve anonymity in the reported results. Alaska Administrative Code title 7, 13.130 (b)(3).

Last Modified: 7/3/96 [kjb]



Additional Warrant by Professions:
Lawyers | Auditors | Records Managers | Information Technologists | Managers



MAIN MENU | Functional Requirements | Production Rules | Metadata Specifications | Glossary

Page last updated at Archives & Museum Informatics: www.archimuse.com on October 30, 2006 .
Queries to