Friendly Neighborhood Patient

Episode #14: How Your Medical Record Should Be Protected



You should treat your medical records with care, just as you do your keys, wallet, and phone. Hopefully, medical providers are treating your data even better. By the time we’re done today, you’ll know about health record protection as well as how to use those records properly.

When you see your doctor and their scribe typing furiously on their devices in the exam room, they’re trying to update your medical record, which includes things like your basic family health history, surgeries, meds, lab results, visit notes and more. It’s a great idea to keep an electronic or paper copy of such data for yourself. Why? Because the records being kept at your primary care doctor’s office may not sync up with the record that a hospital or your private specialist uses. Before rushing into the specifics for getting a hold of your health record, it’s more important to know a few simple terms and the background of why people get all up in arms over laws like HIPAA.

You’ve probably heard a few acronyms like EHR, EMR, and PHI get thrown around. All of these items have one common thread—their contents can be traced back to you, the individual patient, and because of that weakness, said contents are supposed to be protected. Your electronic medical record, or EMR, holds your medical and clinical history, which is generally accessible by a specific facility’s doctors and staff. This software is what doctors use in and out of the exam room to record medicines, changes to treatment, official assessments, etc. In the old days this info would be on paper in a thick manila or tan folder. Now it’s on the cloud or saved to an encrypted hard drive somewhere. You may not be able to touch it, but caring for that data involves concrete ramifications. Obviously, your doctor needs your history documented cleanly and thoroughly to help you over time, which is why EMRs are the cornerstone of the medical field’s day-to-day operations. One major issue happens when you need to go to another place that uses different EMR software—your individual notes don’t just magically beam to your next destination like Scotty would do for you in Star Trek. This is why electronic health records, or EHRs, exist. EHRs are meant to be a combined record saved on a cloud server or sometimes a government database holding your accumulated info. An app like MyChart is a great example of this. Any medical info, whether it is stored by a healthcare entity on your behalf or kept in your own storage, falls under the umbrella of protected health information, or PHI. The core concept here, again, is that any of this data, which includes date of birth, contact info, stated gender and medical records, can be traced back to individuals. This is where the Health Insurance Portability and Accountability Act, better known as HIPAA, comes into play. I swear that HIPAA is the last acronym I’ll use today.

The core purpose of HIPAA is to protect your personally identifiable data held by healthcare providers, health insurance plans, clearinghouses, and Medicare prescription sponsors. Those parties I just mentioned are what that law calls “covered entities.” Even though this act was signed into law in 1996, which, believe it or not, is before Twitter and smartphones, HIPAA’s been revised numerous times because the world of technology moves so fast that it becomes harder to protect health info. The HIPAA Journal and HIPAA Guide websites do a great job summing up changes to the law. I’ll link those sources in my Substack post found at rushinagalla.substack.com. History lessons are cool, but I want to cover the practical matters of record protection that patients should know. The stewards of your medical records can release said data to places like other healthcare facilities or to staff within a clinic who have to know certain things about you to give the best possible care. However, these parties still need to place reasonable safeguards for expected threats to your PHI—it doesn’t matter if your info gets leaked by accident, that’s still a serious issue. You can’t stroll up and hijack a car like it’s Grand Theft Auto, get caught, say you didn’t know it was illegal, and then expect to go home free. The most common HIPAA violations to be aware of happen with facilities overestimating their security measures and from those places not training staff to handle sensitive material properly. Any clinic you go to or insurance plan you link up with needs to state their privacy practices. Unlike the terms and conditions or user agreement you might sign immediately with any piece of software, you should probably take a moment to listen when someone who keeps your health info tells you what they can and can’t do.

Some common themes come up for rights that should be made explicit to you. For example, you can request your medical record or ask for corrections to it anytime. You also have the opportunity to spell out who gets clear access to medical data and also how you’d prefer to communicate about health matters (i.e. over the phone, email, telemedicine, only face-to-face). This might seem trivial, especially because technology and social media dull our sense of what privacy means today, but telling the world on Twitter what you ate for breakfast today is easier than telling the world you have diabetes.

There will come a time when you need a copy of your medical or health record for something, whether it be for visiting another healthcare facility nearby or if you are moving somewhere far away. Although you have a right to request your record, each place handles information transfers differently. The best approach is to call your provider’s office to get details on this process, but in some cases a hospital’s website can outline what to expect. A facility shouldn’t refuse to transfer your record even if you have unpaid bills with that place. HIPAA guidelines suggest that providers have 30 days to send your record in whatever format you request, which is sensible. I speak from my own experience helping patients do this because gathering and summarizing years of chart notes, labs, and commentary into one neat package is time-consuming. At some point you will need to sign a release form showing at the bare minimum who you are, what medical info you want, and where the data are going. Certain patients might just wish for specific notes or lab results and nothing else transferred. In some cases, you might get billed for obtaining a paper copy, mailed copy, or USB drive for a medical record, but this fee should be reasonable. If your doctor is just faxing your records to another physician, that should be complimentary. In my view, picking up and hand-carrying your medical records is the best approach with minimal risk of loss via fax or snail mail.

Now you get home and you have a moment to glance at the copy of your history. Even if your record has a lot of comments that are in medical-speak, there’s no need to worry, because all your medications and provider’s recommendations should be there in mostly plain English. Now that you know how medical info should be protected and how to get a hold of it, you can be more in tune with the overall trend of your health, especially because data expands so fast, all the time. Another thing growing a lot in healthcare is drug prices, the prime topic whose brief story we’ll break down in our next podcast. Stay tuned and subscribe to Friendly Neighborhood Patient for all that matters to your healthcare journey. I’ll catch you at the next episode.



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit rushinagalla.substack.com

Friendly Neighborhood Patient, by Rushi Nagalla