December 7, 2001

Every time a patient comes to the MGH – whether being admitted for treatment or having a routine doctor visit – information about that patient is put into his or her confidential medical record. In April 2001, the U.S. Department of Health and Human Services passed regulations protecting patients' rights to confidentiality of medical records under the Health Insurance Portability and Accountability Act (HIPAA).

While the MGH has long held patient confidentiality as one of its highest priorities, an ongoing confidentiality campaign was launched in November to remind employees and staff about the hospital's confidentiality policies and to educate them about the new HIPAA guidelines. Below is information about the foundation of patient confidentiality – protecting information contained in the medical record.

A patient's medical record – also known as a "health record" – includes clinical information about the patient, as well as administrative data such as billing, insurance and demographic information. The medical record plays many important roles in a patient's medical care:

• It provides a view of the patient's health history and current health status, including sickness, wellness, measurements, prognosis and observations.
• It provides a method for clinical communication and care planning among health care providers serving the patient.
• It provides supporting documentation for the reimbursement of the cost of services provided to the patient.
• It serves as a major resource for health care practitioner education.
• It serves as the legal document describing the services provided to the patient, as well as the legal business record for the hospital.
• It serves to document quality of patient care.
• It serves as a key source of data for outcomes research and public health purposes.

Specific employees and staff may need to access the medical record to carry out their job duties.

Deborah Adair, director of MGH Health Information Services, points out that all information in a medical record should be kept confidential – even information that may seem insignificant to reveal, such as a person's birth date or age. "Health care professionals have both clinical and administrative reasons to access medical records – from checking a patient's last medication dose to looking up financial information to send to an insurance company," she says. "Employees should access a medical record only on a need-to-know basis to perform one's job. If the reason for accessing the record is not job-related, then an employee should not look into a patient's medical record."

For more information about MGH patient confidentiality policies, call Adair at (617) 726-2465 or visit http://is.partners.org/hr/affiliates/mgh/privacy.html