EMR Access and Confidentiality Based on Patient and Hospital Staff Perspectives

Abstract

Introductions: The Electronic Medical Records (EMR) system is a longitudinal electronic record consisting of all the information relevant to a patients’ health and well-being, generated by at least one encounter in a healthcare setting. It can be accessed within an institution with multi-level accessibility based on authentication customized to the type of user. Since the EMR system potentiates an organised and holistic medical history specific to a patient, it enables medical professionals to deliver a higher quality of healthcare services. Aims: The aims of this study were to understand the global perspective of EMR and its implementation as well as to locate the gaps of knowledge that still existed in the understanding and definition of EMR amongst patients and hospital staff. Methods: All major bibliographic databases such as PubMed and Google Scholar and several specialist datasets such as PsycINFO, MEDLINE and EBSCOhost from the previous 10 years (2007-2017) were employed in our search. Paper citations which utilised a reference standard were incorporated for quality assessment. An initial search found 2700 articles however after factoring in the inclusion and exclusion criteria, only 78 articles were included in this review. Results: Our findings indicated a discrepancy between the expectation of patients and what was actually practiced. Patient concerns mainly involved easy access of healthcare professionals other than doctors to their EMR in addition to non-medical information. The assumption of confidentiality was expected to be maintained by indifference; however, a good face-to-face explanation cannot be substituted with control over content and access to EMR. In the event of a breach in patient confidentiality, lawsuits against healthcare providers will rise exponentially as patients are now well-informed and more empowered to ask questions regarding the care they are receiving and information being disclosed to other parties. Conclusion: Security of information can be attained with better modelling protocols, end-user training and refresher courses done on a regular basis. Finally, controls of access will need to be implemented via passwords and digital signatures. © 2018 Dhillon et al.