It is the responsibility of a Covered Entity (CE) to keep all Protected Health Information (PHI) about a patient secure. If PHI is not properly safeguarded, it may reach a third party, and if this happens, the CE will be held responsible. It is therefore the responsibility of the CE to take the steps needed to ensure that patients’ PHI is kept secure. A health care provider who is a CE under the Health Insurance Portability and Accountability Act (HIPAA) must do what needs to be done to protect the integrity, confidentiality and availability of all electronic Protected Health Information (ePHI) that is maintained in the CE’s Electronic Health Record (EHR).
Keeping an Electronic Health Record (EHR) as a CE will have some influence on the types and combinations of safeguards needed to protect patients’ health information and keep it confidential.
Electronic Health Records (EHRs) bring new responsibilities for safeguarding patients’ health information in electronic form. One of the responsibilities that comes with using an EHR is that a CE must first carry out a risk analysis, which is also called a security risk assessment. This will help a CE comply with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and meaningful use requirements and at the same time uphold the trust of the patients concerned. If the risk assessment is done well, a CE will be able to ascertain the flaws in the security system and identify possible security weaknesses, both current and future.
The good thing about using Electronic Health Records (EHRs) is that a well-configured and proven or certified EHR is more reliable than a paper record system. EHRs provide more protection to ePHI than paper records do.