Best practices for patients accessing their electronic health records

Electronic health records empower patients to look into their medical history and take action when it comes to their healthcare.

By having more information in their back pockets, patients can figure out which steps they need to take to improve and maintain their wellbeing.

According to a national survey, 94 percent of providers said that EHRs result in clinical benefits for their practices, and 75 percent reported that EHRs give them the opportunity to deliver better care to patients.

The upsides of EHRs are clear, but in order for the system to work, both providers and patients need to have access to the information. However, if patients don't practice some safety guidelines while looking at their EHRs, they are putting themselves, as well as their doctors, at risk.

The following are a few best practices to avoid compromised information when allowing patients to go into their EHRs.

Require complicated passwords

Hackers who want to capture patient data will be thwarted by complicated passwords. That's why you need to ensure that patients are utilizing strong passwords when they log into their EHRs.

A great password will include at least 12 to 14 characters, and a mix of numbers, symbols, lower-case and upper-case letters. It shouldn't be a word in the dictionary or a combination of dictionary words, and shouldn't use obvious number replacements for words, such as using a zero in the word "H0use," according to How-To Geek.

Let your patients know that the passwords for their EHRs should not be the same as passwords for other logins they may have. Sometimes, hackers can easily break into accounts just by typing the same password into separate logins.

Ask security questions

In the situation of a lost password, a patient should be obligated to answer security questions. This is more secure than simply sending a password reset link via email.

A system's security questions should be universal, meaning they can be applied to as many people as possible. They should allow for a consistent answer, memorable to the patients and safe, which means they can't be easily researched online, according to OWASP.

For example, you might ask, "What was the name of your first pet?" instead of "What's your pet's name?" People get new pets, so that answer could change over time. The answer to this question is easy to remember, universal and probably cannot be found online.

Inform patients about Wi-Fi safety

Unprotected Wi-Fi connections are susceptible to hacking. Someone could easily go to a coffee shop that doesn't have password restrictions on the Wi-Fi, and collect all the data people are sending over their connected computers. Within a few minutes, the hacker can potentially steal tons of information.

When patients sign up to look at their EHRs, let them know about the importance of only logging onto password-protected Wi-Fi. If they're accessing your records within your facility, make sure your Wi-Fi is password-protected as well. This should be done through a WPA2 connection, which provides a strong encryption of data. Encrypting scrambles the information so that hackers can't decipher it.

Only allow doctors to change key medical information

Some EHRs offer patients the opportunity to edit information within the system, while others don't let them make any changes. According to Healthcare Business & Technology and a survey from Accenture, 82 percent of physicians want patients to be able to update certain parts of their EHRs. The parts include demographic data, medications, allergies, new symptoms, family medical history, blood pressure and glucose levels. However, 47 percent of doctors said that patients shouldn't be able to edit or add their own lab test results.

When it comes to some areas of medical records, patients shouldn't have the authority to go in and change the information, for the benefit of their wellbeing. When you set up your EHRs, decide which data only doctors can input and edit.

Putting your EHRs to work

EHRs are effective because they keep patients up-to-date on their medical history, medication refills and appointment notices. While it's a good idea to give customers access to their records, you should take precautions to avoid problems that could have dire consequences. With a few simple steps, you can ensure that accessing records is a safe and easy process for patient and provider alike.

Kylie Ora Lobell writes about business and legal matters for The Home Depot. She provides advice on topics such as preventing your Wi-Fi from getting hacked. If you are looking for a new wireless router extender with better security encryption options, like the one Kylie talks about in this article, click here.

The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months