Electronic Health Record

An Electronic Health Record (EHR) is a digital, real-time, patient-centered record made available to authorized users. It captures the patient's identifying information (demographics, contact and insurance details), but the bulk of an EHR is the patient's medical and treatment record: diagnoses, medications, allergies, test results and clinical notes. Because this information is sensitive, and to comply with privacy law, healthcare providers must protect the privacy and security of patient data. They are further bound by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to uphold patients' rights over their own health information and to prevent access by unauthorized users.

HIPAA is mandatory for every healthcare organization that qualifies as a covered entity: a health plan, a healthcare clearinghouse, or a healthcare provider that transmits health information electronically in connection with a standard transaction (Nass, Levit & Gostin, 2009). The HIPAA Privacy and Security Rules frame information security in healthcare delivery and research as the preservation of the confidentiality, integrity and availability of protected health information (PHI). The Privacy Rule covers PHI in any form, while the Security Rule applies specifically to PHI held or transmitted electronically (ePHI). An EHR stores PHI electronically, so both rules apply to it, and because that data is tied to identifiable individuals it demands the strongest practical confidentiality, integrity and availability guarantees.

Healthcare providers should adopt suitable EHR technology together with a HIPAA compliance strategy, drawing on the guidance the National Institute of Standards and Technology (NIST) publishes for implementing the Security Rule (NIST Special Publication 800-66). That way they commit to the safety and integrity of the patient's health information. The HIPAA Security Rule, however, sets requirements; it does not by itself make an EHR resilient to breaches. The EHR technology must therefore provide access control that enforces least privilege, encryption of ePHI at rest and in transit, and an audit trail that records who accessed which record, when, and with what outcome, so that the security and privacy requirements can be met and demonstrated (Nass, Levit & Gostin, 2009).
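The three controls named above fit together naturally in code, and seeing them together makes clear why each one matters. The following Go program is an added example written for this page; it is not code from the cited book or from any EHR product. It assumes a hypothetical role policy (clinician, nurse, billing), constructed user names, patient IDs and a clinical note, and a demo key generated in memory. Access is checked and audited before any data is touched, so denied attempts appear in the trail; notes are stored only as AES-256-GCM ciphertext; and the audit entries form a hash chain, so editing or deleting an earlier entry is detectable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// User is the authenticated caller: Role drives the access decision, Name goes into the audit trail.
type User struct{ Name, Role string }

// Hypothetical least-privilege policy for clinical notes: clinicians read and write, nurses read, billing gets nothing.
var rolePermissions = map[string]map[string]bool{"clinician": {"read": true, "write": true}, "nurse": {"read": true}, "billing": {}}

// AuditEntry is one append-only record; Hash covers PrevHash, so altering or deleting an earlier entry breaks every later one.
type AuditEntry struct{ User, Role, Action, Patient, Outcome, PrevHash, Hash string }

// Store holds notes encrypted at rest with AES-256-GCM (patient ID -> nonce || ciphertext) and the hash-chained audit trail.
type Store struct{ aead cipher.AEAD; notes map[string][]byte; audit []AuditEntry }

func NewStore(key []byte) (*Store, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Store{aead: aead, notes: map[string][]byte{}}, err
}

func entryHash(e AuditEntry) string {
	sum := sha256.Sum256([]byte(e.User + "|" + e.Role + "|" + e.Action + "|" + e.Patient + "|" + e.Outcome + "|" + e.PrevHash))
	return hex.EncodeToString(sum[:])
}

// authorize applies the role policy and appends the audit entry before any data is touched, so denials are logged too.
func (s *Store) authorize(u User, action, patient string) error {
	e := AuditEntry{User: u.Name, Role: u.Role, Action: action, Patient: patient, Outcome: "allowed"}
	if !rolePermissions[u.Role][action] {
		e.Outcome = "denied"
	}
	if n := len(s.audit); n > 0 {
		e.PrevHash = s.audit[n-1].Hash
	}
	e.Hash = entryHash(e)
	s.audit = append(s.audit, e)
	if e.Outcome == "denied" {
		return fmt.Errorf("%s (%s) may not %s the record of %s", u.Name, u.Role, action, patient)
	}
	return nil
}

func (s *Store) Write(u User, patient, note string) error {
	if err := s.authorize(u, "write", patient); err != nil {
		return err
	}
	nonce := make([]byte, s.aead.NonceSize())
	rand.Read(nonce) // fresh random nonce per write
	// The patient ID is bound as additional data, so a ciphertext copied into another record fails to open.
	s.notes[patient] = s.aead.Seal(nonce, nonce, []byte(note), []byte(patient))
	return nil
}

func (s *Store) Read(u User, patient string) (string, error) {
	if err := s.authorize(u, "read", patient); err != nil {
		return "", err
	}
	blob, ns := s.notes[patient], s.aead.NonceSize()
	if len(blob) < ns {
		return "", fmt.Errorf("no usable record for %s", patient)
	}
	pt, err := s.aead.Open(nil, blob[:ns], blob[ns:], []byte(patient))
	return string(pt), err
}

// VerifyAudit recomputes the chain; false means an entry was altered or removed.
func (s *Store) VerifyAudit() bool {
	prev := ""
	for _, e := range s.audit {
		if e.PrevHash != prev || entryHash(e) != e.Hash {
			return false
		}
		prev = e.Hash
	}
	return true
}

func main() {
	key := make([]byte, 32) // constructed demo key; production keys belong in a KMS or HSM
	rand.Read(key)
	st, _ := NewStore(key)
	fmt.Println(st.Write(User{"dr.lee", "clinician"}, "P-1001", "BP 150/95, started lisinopril 10 mg"))
	fmt.Println(st.Read(User{"clerk.ng", "billing"}, "P-1001"))
	fmt.Println(len(st.audit), "audit entries, chain intact:", st.VerifyAudit())
}
```

Two design points carry over to a real deployment. The audit entry is written before the data operation and regardless of its outcome, because a trail that only records successful reads cannot show who tried to reach a record they had no business with. And the chain lives in the same process here for brevity; in practice the log is shipped to append-only storage outside the EHR's own trust boundary, otherwise an administrator who can rewrite the store can rewrite the chain as well.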


Nass, S. J., Levit, L. A., & Gostin, L. O. (Eds.). (2009). Beyond the HIPAA Privacy Rule: Enhancing privacy, improving health through research. Washington, DC: National Academies Press.