11047125 m resized 600This is the last in our series of blogs on electronic health record security. The first two covered physical security and digital security. The focus of this article is data confidentiality.

Client data should only be viewed on a need to know basis.

There are a number of things your software can do to allow you to enforce confidentiality restrictions.

  1. Role assignments could be used to restrict users from certain portions of the application. For example, billers shouldn’t have any need to see charting information and so they should be assigned to a role that prevents them from viewing the charting screens.
  2. Program assignments could be used to group your clients into separate categories. Your employees could then be assigned to the programs for which they need access to. For example, if you have a nurse that deals strictly with maternal child health, they should have no need to view records for clients that are being seen for HIV treatment.
  3. Audit trails could be created for the actions your employees take in the application. With an audit trail you would be able to run a report that gives you insight into the records that a given employee has viewed, 11150943 m resized 600created, modified or deleted. If a client wants to know which of your employees has viewed their record, you would have no trouble getting them this information.

There is one last thing that you can do to ensure your software application is secure.

Be informed. Don’t be afraid to ask questions of your EHR software vendor, they should be able to respond to any inquiries regarding the security measures they have in place that makes their application safe and secure.

You’re already taking an important step towards being informed when evaluating software products just by reading this blog.

You can never be too safe when looking for a place to store your confidential data.

Missed the first two? Catch up now at Is Your EHR Secure: 3 Key Things to Ask (Part 1) and Is Your EHR Secure: 3 Key Things to Ask (Part 2).