We asked Christina Galanis, president and CEO of HealthlinkNY, the health-information exchange funded by the New York State Department of Health, to give us the lowdown about the safety of electronic medical records.
“HealthlinkNY lets providers look up medical records throughout the state, as long as the patient has given consent,” she says. “This has amazing benefits for patients, yet everything about HealthlinkNY is designed to safeguard the patient’s privacy,” explains Galanis, whose agency serves the Hudson Valley and the Southern Tier of New York. “All data is encrypted. No temporary passwords are issued, and passwords must be changed every 90 days. Only authorized clinicians who are treating you can access your health records and only after you’ve signed a consent form authorizing it. We set different levels of access within a medical practice or hospital, so physicians, physician assistants, and nurses can see all your medical information, while clerical staff can see only administrative information. We consider it to be a security breach if someone uses someone else’s log-in information. In that situation, that medical practice would face consequences.”
Patients, Galanis assures, “really are in control over who sees their medical records. They have to sign a consent form for every provider organization they see. They have three choices: They can consent to make their records available for all treatments, to make their records available only in an emergency, or they can deny access to their records in all situations.”