Informed Consent And Patient Confidentiality In Medical Care: Legal Framework In India

Legal Issues on Confidentiality, Access of Medical record and Data Security of Electronic medical records.

Objectives
?To clarify the legal issues on patient confidentiality
?To discuss the law relating to Access medical records
?Data security of Electronic medical records in India.

Chapters
1.Chapter 1: Introduction
It should explain the relevance of understanding the legal issues on confidentiality and about the data security.
2.Chapter 2: The legal issues on patient confidentiality
2.1.Introduction
2.2.Patient confidentiality
2.3.Doctor Patient Relationship
2.4.Laws relating to confidentiality
Include case laws which gives explanation about the access to medical records
2.5.Legal issues
3.Chapter 3: Laws relating to Access medical records (India)
3.1.Introduction
3.2.Access to medical record: who and when
3.3.Laws
Include case laws which gives explanation about the access to medical records
4.Chapter 4: Data Security of Electronic medical records
4.1.Introduction
4.2.Advantages of electronic medical records
4.3.Disadvantages of Electronic medical record ( with paper records)
4.4.Data Security
5.Chapter 5: Conclusion

The absence of age limit specifications for valid consent

The concept of informed consent in regard to medical research and treatment is still unknown to the medical researchers and practitioners as well. In this regard, it is noteworthy to mention here that the doctor-patient relationship in India is governed by the relationship of trust and authorization. However, in modern era, the concept of informed consent is still ignored while dealing with the issues of the patients in daily medical practices. In order to complicate such issue further, the India law has not given proper specifications regarding the age limit in which an individual can give a valid consent.

It is evident that, still now, the Indian Penal Code has been silent regarding the legal validity of the consent received from persons aged between twelve and eighteen. It is worthwhile to mention here that, at this age limit the concept of “right to confidentiality” can be emphasized upon; the Courts are at the authority to define it or it can be defined by the statutory provisions. Therefore, mention can be made regarding the fact that, there is a requirement of statutory provision for the purpose of removing the existing ambiguities and uncertainties in the way of the concept of age consent. As a result of it, an individual’s right to medical confidentiality at a particular age can be examined.

In the case of Samira Kohli vs. Prabha Manchanda Dr. & ANR 1(2008) CPJ 56 (SC), it was recognized by the Supreme Court of India that, a majority of the Indian citizens requiring medical attention and treatment falls below the poverty line. In this regard, it can be observed that most of them are illiterate and do not understand the complexity of the modern medical terms, conditions, concepts as well as the treatment procedures. They do not have proper understanding regarding the functioning of various body organs and the probable effect if such organs were removed after a certain time. They are not given proper access to costly diagnostic procedures and have to act according to the guidelines prescribed by the doctors and medical practitioners. Presently, the Indian Penal Code has stated in the provisions of Section 87 that a person aged above 18 years can provide a valid consent however; according to the provisions of Section 89 of the Indian Penal Code a child aged less than 12 years cannot provide valid consent.  

In modern era, individuals are often confused with the concept of confidentiality and the value of trade secrets. In this regard, privacy refers to the utilization and disclosure of personal information which is only applicable in cases regarding the information provided to specific group of individuals. As the concept of personal information is such that it can be regarded as the manifestation of individual personality. In this context, the Courts of India most importantly the Supreme Court of India have rightly recognized the right to privacy as it forms an integral part of right to life and liberty. The right to life and liberty is a fundamental right guaranteed to every individual under the Indian Constitution. In this regard, the right to privacy has been provided to every individual and utmost importance has been given by the Indian Judiciary keeping in consideration the security of the state and community interests.

The lack of legislation on data privacy and protection

At present, no specific legislations are there dealing with data privacy and protection of data. However, the protection of privacy and data can be derived from various laws in regard to information technology, the intellectual property rights and the crimes and contractual relations. From the very beginning, the Information Technology Act 2000 has been providing a safeguard against certain breaches regarding data protection of computer systems. The Information Technology Act 2000 deals with provisions for the purpose of preventing unauthorized use of computers, computer systems and data stored within it. The Act provided personal liability in case of illegal and unauthorized access to computers, computer systems and the information stored within it. It is worthwhile to mention here that, the Information Technology Act 2000 has been silent in regard to the liability on the part of the internet service providers and network service providers dealing with data handling. According to the provisions of Section 79 of the Information Technology Act 2000, the liability on the part of the entities can be emphasized in regard to the concept of knowledge and capacity before the determination of existing scope of penalties. It signifies the fact that, the network service provider and the outsourcing service provider cannot be held liable for the acts on the part of a third party data. However, it is important to prove that, such contravention has been caused without his prior consent and knowledge and that he has exercised due diligence and care to prevent such offence or contravention. In the case of Kharak Singh Vs. State of U.P (AIR 1963 SC 1295, it was observed that if there is any violation of the provisions of the Information Technology Act 2000 in an organization, the directors were held personally liable for negligent or intentional actions.

The Indian Penal Code has not specified the liabilities for the breach of data privacy. However, the provisions of Section 403of the Indian Penal Code has imposed criminal penalty in regard to dishonest misappropriation of a movable property for personal use. In this regard, the Intellectual Property Rights Act and the Indian Copyright Act has been prescribing mandatory punishment for committing piracy of copyrighted data. According to the provisions of Section 63B of the Indian Copyright Act if an individual intentionally makes use of any computer data then he shall be punished for a considerable period of minimum six months and maximum three years. However, it is important on the part of the Indian Courts to recognize the copyright contained in such databases and that whether the copyright was infringed. If any infringement is caused in respect to such databases, the existing outsourcing company may take an action under the Indian Copyright Act.

Principles of confidentiality in medical practice

The legal issues regarding patient confidentiality comprises of the preservation of confidential information of the patients. These legal issues can be can be reinforced by the principles law in regard to the specific areas of law of contract, negligence, defamation and certain fiduciary duties. However, the laws pertaining to medical confidences are regarding the disclosure of confidential matters. The legal issues involving confidentiality of the patients are concerned with unlawful conduct in relation to health. This Chapter will review the laws related to confidentiality and the principles governing doctor-patient relationship.

The general principles of confidential information have been outlined in the provisions of the common law system. In this regard a duty of confidence arises on the part of the medical practitioners when he discloses any reasonable information to the patient. However, till date there has been no criminal conviction of a doctor for actions regarding breach of confidence in spite of the occurrence of various civil claims and awarding damages which was observed in the case of Cornelius v Taranto [2001] 68 BMR 62; where duty of confidence has been breached with the revelation of medical information without receiving prior consent. In this regard, it is worthwhile to mention here that, the medical practitioner is said to have breached a patient’s confidentiality when he obtained in his part-

1. A necessary quality of confidence.
2. Disclosed information without receiving prior permission and detriment to the individual to whom it has been originally communicated.
3. Has been under the domain of a public interest to protect such confidentiality.

It is worth mentioning that, confidentiality has been the core duties in medical practice. The nature of confidentiality must be such that, it requires the doctors to keep the information related to the patient’s health private unless there is consent on the other part to release such information. Patient confidentiality is important because most of the time patients share relevant information regarding their health to the medical practitioners. Therefore, if the confidentiality of such information is not protected then the trust vested in patient-doctor relationship diminishes.

Patient’s data is treated as private property by the hospitals and healthcare units. They are selling the data for various clinical and medical researches and many drug development and related companies. As per the Indian laws for the medical records the data of the patient is treated as private property of the healthcare centers. Patients and insurers have the access to the recorded information but still it is not completely protected. But law does not provide ownership of the medical data exclusively, which can be transferred readily. This is against the confidentiality of the patients’ health records as no consent is taken from them while selling the data to the researchers or developers.

The importance of trust in doctor-patient relationships

Ethical and legal laws govern the concept of consent with respect to self determination, individual integrity, and autonomy. The same should apply to electronic medical records systems and the consent of the individual patient to whom the record belongs to is important in case of access to that record by anyone other than him. This governs the right of the patient for the confidentiality of his or her medical and personal information. Three categories of consent can be explained i.e. implied consent, expressed consent, and informed consent. Implied consent involves words or the behavior of the patient. Expressed consent involves oral or written consent. Informed consent stands for detailed explanation of the situation or issue to the patient in non medical terms and then taking his or her consent. Consent includes three related aspects which are capacity, knowledge, and voluntariness. In today’s medical practice and healthcare valid consent of the patient is important in any kind of diagnosis, examination, or treatment. Same consent should be applicable when it comes to accessing the personal medical records of the patient.

The foundation of a doctor-patient relationship is based upon trust. With the creation of an environment of trust, it has encouraged patients to seek reasonable care and make honest revelations about health conditions during every health visit. The willingness on the part of the patient to seek help and care increases considerably. It is important for the patients to share and disclose all the medical history and information about them to the physician or the doctor for proper medication and correct diagnosis of the issue. If there is no proper trust between on the doctor from the patient’s side, he or she will feel hesitant in sharing all the personal details and pertain to sharing of incomplete information. This will lead to ineffective diagnosis of the issue and hence care and treatment provided to the patient will not be helpful and curable. It may harm the patient adversely. It is necessary for the healthcare units and hospitals to have policies regarding confidentiality and privacy of the personal medical records of the patient in order to maintain the doctor-patient trust. This will help in encouraging patients to share sensitive information to the doctor during the medical visits and leads to effective and correct treatment of the health issue. Patient built their immense trust on the doctor and believes that he or she is completely safe in the hands of him. It is the doctor who saves lives of people and gives treatment and cure on time for betterment of the health of the patients. This trust should be maintained by the doctors also and they should understand it as their responsibility towards the confidentiality of the patients’ medical records and their personal information as saved in the electronic medical record system. This information is very much personal to the individual and should be accessed by anyone other than the patient upon the consent of the patient itself. The confidentiality and privacy of the medical records and health related information of the patient forms a very important aspect of the doctor-patient relationship. For health issues regarding reproductive systems, psychiatric health concerns and public health, the concept of confidentiality assures that, private information in relation to the above mentioned health conditions shall not be disclosed without prior approval. It is the duty of the healthcare staff and doctor to protect the electronically saved medical information of the patients. Even the family members or friends of the patient can access the information with prior consent of the individual patient concerned.

Three categories of consent - implied, expressed, and informed

It is evident that, the obligation of confidentiality has been prohibiting medical practitioners from disclosing certain information related to the patient’s health conditions without prior permission. However, it has proved to be beneficial for the medical practitioners to take precautions on their part to ensure that they were authorized to such access. The extent of appropriate on the part of the health care practitioners often requires that relevant information regarding the patient’s health are discussed among the health care team. In such cases, the health care teams are authorized to discuss confidential information among themselves. In this regard, mention can be made of electronic medical records which create major challenges to confidentiality. According to the provisions of Health Information Portability and Accountability Act of 1997 (HIPAA), it is important on the part of the institutions to develop policies for the purpose of protecting the privacy concern of the electronic information of the patients which includes procedures for computer accessibility and security.

In India the doctor-patient relationship is based more upon the trust rather than the laws of confidentiality or laws of consent. Many patients are not even well informed about the importance of confidentiality and privacy when it comes to their personal medical and health records. In spite of various laws regarding right to protection of individuals information, there still exists anomalies in the Indian Law regarding the specific age of eligibility to give consent for the access of the information. It should be relooked and the age should be defined in terms of medical confidentiality. There is also a need to evolve various protocols in case of getting consent for the access of medical information from the children, mentally ill patients, and illiterate patients. There is a need for the increase in the awareness among the patients about the patients’ rights for confidentiality and privacy of their information. 

The laws governing the preservation of the confidential information of the patients are depicted in the Health Services Act 1988. According to the provisions of Section 141 of the Health Services Act 1988, the medical practitioners practicing in public and private hospitals are authorized to preserve the confidential information related to the patient’s health. In W v Edgell [1990] 1 ALL ER 835, it was established that the relation between a doctor and patient is such that, it imposes a duty of confidence upon the health care practitioners. In this case, it was observed that the claimant was a prisoner who applied an application in order to get transferred into a community hospital. In such process, the lawyers acting on the behalf of the claimant sought a psychiatric report from Dr. Edgell who emphasized on the part that the patient is dangerous to the community. In this regard, Dr. Edgell has sent the report to the medical director of the secure hospital and the Home Office. However, the claimant attempted to seek an injunction to restrain disclosure of the report as it contained confidential information. In this regard, the Court was of the opinion that, the action on the part of Dr. Edgell is held to be a breach of confidence on the basis of public interest. In this case, it was decided by the Court that, the disclosure can only be justified if the nature of the danger was such that it could be foreseeable by any reasonable man of ordinary prudence.

In R v Department of Health [2001] QB 424 (CA), it was established that there is no obligation of confidence in regard to the information which cannot be utilized for the purpose of identifying the patient. In this case, the claimant was a data collection organization and the service was regarding the collection of anonymized data from the pharmacists that prescribed the capabilities of general practitioners. However, the claimant wanted to sell such information commercially. In this regard, the Department of Health (DH) initiated a policy which emphasized on the fact that pharmacists are not allowed to disclose data as it would constitute breach of confidentiality. Similarly in the case of H (A Healthcare Worker) V Associated Newspapers Limited: Ca 27 Feb 2002, the issue was regarding the disclosure of HIV condition of a health care assistant. The local newspapers were willing to publish the name of the health care institution in which he worked. In this case, the Court decided the matter accordingly and held that the newspapers are not authorized to disclose the name of the health worked including the place in which he worked because it would provide enough information to the community in identifying the patient.

The legal issues arising as a result of disclosure of the privacy and confidentiality of the patient in regard to their medical condition can be well defined by the provisions of both common and statutory laws. It is worth noting that, in most of the cases, the privacy concerns on the part of the patient is declared to be paramount. This is due to the reason that in most of the cases, in regard to the underlying circumstances, where maintenance of the patient’s privacy could pose as a major risk to the community; the medical practitioners would not be bound by the restrictions depicted in the relevant Acts and statutes. In such cases, these medical practitioners shall be obliged by way of statute in disclosing certain information related to the health status of the patients.

A medical record serves as an important aspect of patient care and it is an important document for legal, ethical and administrative purposes. Its access should be taken care of as it contains all the personal information about the patient. Wrong access and improper updating of the medical records can lead to data loss or even discrepancies in the further treatment of the patient and even lead to harmful effects on the health of the patient. Any misuse or wrong access of this document can lead to leak of personal information of the patients and is against the privacy of the patients’ records. Therefore, medical records are required to be preserved carefully and it has proved to be beneficial in protecting the rights and interests of the patients. In some cases, these medical records have saved the medical practitioners from personal liability in cases involving medical negligence. It is known to all that, in every hospital there must be a Medical Records Department that shall be responsible for storage, maintenance and preservation of various medical records. However, in recent era, these medical records are being replaced by electronic medical records which can be easily accessed by the order of the Court. The information stored in electronic medical record system should be regarded as confidential and protected against any kind of loss or wrong access. It is the right of the patient to have his or her medical records protected from any type of data theft or data misuse. Doctors and physicians should make it a strict rule that the personal and medical information of the patient should not be transferred without their consent to any individual or to any researcher. This Chapter shall review the laws relating to the access of medical records in India.

It is worthwhile to refer here that, the ownership of the medical records of the patients belongs to the medical institutions while the information depicted in them belongs to the patients. It is evident that all the original documents containing the information of the patients are detained by the medical institutions. The nature of these contents is such that, it should not be disclosed to third parties. In order to get access to these medical records, guidelines are depicted in the Medical Council of India. According to the Medical Council of India, the request made by the patient for the purpose of accessing their medical records shall be made which will be acknowledged and released within the specified period of 72 hours. However, any unauthorized disclosure of information would be amounting to piracy and defamation. In the similar manner, failure on the part of the medical institution to maintain confidentiality would constitute an issue regarding medical negligence. There are cases related to transferring of the personal information of patients to researchers for studies. This is also regarded as violating the right of patients for privacy of their personal information. Therefore, in regard to accessing of medical records, the doctors are at the authority to communicate confidential information to the patients if such information is concerned with the interests of the public as a whole. However, various statutory obligations are there for the purpose of providing proper intimation to the police in cases where the medical practitioner is entrusted with the treatment of an individual who has committed any criminal activity. In such cases, Court orders are necessary for the purpose of releasing certain information about the patient’s health. In general practice, there is a right vested on every institution to implement policies of its own in order to retain the patient’s medical records. In this regard, the medical institutions must identify relevant cases which are likely to involve litigation. The medical institutions shall preserve the records of such medical cases unless a release letter is finalized by the Court.

It has been suggested that the design of the electronic medical record system should be such that the exchange of all the sorted medical information and health data of the patients can take place according to the public standards. In order to give access to the patients to their own health and medical records along with maintaining the privacy and security of the data, there should a mechanism to give its access to patients themselves only and their doctors with their consent. Patients can only modify, annotate, create, use, disseminate and delete the record. It has been seen that fragmentation of medical records by many of the electronic medical record system takes place by using incompatible means of storing, processing, acquiring, and communicate patient’s data. Even the updating and addition of new information to the medical records should be protected and can be made available to be done by patients or the specific doctors only. According to the public standards and related doctrines, the access and permission should be in the hands of the patients only in case of their electronic medical and health records. Software for electronic medical record system should be build with the compliance of public standards and concerned laws. Along with privacy to access the medical information of the patients, it will also enable interoperability and connectivity, even in case of most diverse systems. Control of the patients will make it possible to protect the medical and health records as per their individual preferences. This will also help in preventing the misuse of the patient’s medical and personal information. Access to the medical information can be easily protected by using password protected files and folders. The password can be set by the patients only within the software used. By enforcement and establishment of various laws and standards in context to privacy to the access of personal and medical information of the individuals, all the medical data can be stored securely over the internet with no or minimum access to the outsiders. 

It is worth mentioning that, well maintained medical records shall definitely assist the doctors and the medical practitioners from escaping personal liability in cases involving medical negligence. In the case of Md. Aslam v. Ideal Nursing Home Orissa SCDRC 1994 (1) CPR 619, a drastic step was taken on the part of the State Commission in regard to the regulations governing the functioning of the nursing homes and in such process made valuable suggestions regarding the preservation of medical records. Similarly in the case of Poona Medical Foundation Ruby Hall Clinic v. Marutirao L. Titkare NCDRC 1995 (1) CPJ 232: 1995 (1) CPR 661 (NCDRC) 1996 CCJ 70, it was held by the National Commission that, not providing the medical records does that constitute the fact that negligence has occurred or there was any deficiency of service. In this case, it was further held by the Commission that, no evidences were provided before the National Commission in order to prove by the application of law or by way of practice that, there were obligations on the part of the hospital to provide the patient with the full information regarding the surgery that has been performed.

In the year 1996, January, it was held by the Bombay High Court in Raghunath G. Raheja v. Maharastra Medical Council (198 Bom AIR 1996), that it is the duty of the doctors to provide the medical records of the patients to the relatives after levying appropriate fees from them. In this regard, it was also held that, the medical practitioners and hospitals cannot claim any confidentiality in regard to the medical records relating to the patient. According to the Indian Medical Council (Professional conduct, Etiquette and Ethics) Regulations, 2002, it is important on the part of the physicians to maintain the medical records for a considerable period of three years from the date of the commencement of the treatment. In this regard, if any request has been made by the patient or by his relative regarding the access of medical records, then the doctor or the medical attendant is bound to do so within a stipulated period of 72 hours.

Similarly, in the case of Nihal Kaur v. Director, PGI, Chandigarh 1996 (3) CPJ 112 (Chandigarh (U.T.) CDRC), the State Commission was of the opinion that, the medical practitioners were negligent in their actions in regard to the medical records. In the case of V P Shanta v. Cosmopolitan Hospitals (P) Ltd 1997 (1) CPR 377 (Kerala SCDRC), it was observed that there was a failure on the part of the hospital to deliver the X-ray reports of the patients was considered to be breach of duty by the State Commission. As a result of such an act on the part of the hospital, the patient was deprived of his right of information regarding the nature of the injury sustained by him. In the case of Force v. M Ganeswara Rao 1998 (3) CPR 251; 1998 (1) CPJ 413 (AP SCDRC), it was held by the State Commission that the medical attendants were negligent in their actions as the case sheet prepared by them did not contain the proper details of previous treatment. The consent documents were even missing from the Medical Records Department. In this regard, mention can be made about the case of Dr C Venkatasamy, Director, Aravind Eye Hospital v. N Mariappan Tamil Nadu State Consumer Disputes Redressal Commission in order R.P.No.15/1998 dated 18/10/2002, it was observed that free eye treatment was offered by the hospital in which the patient was not treated properly. The Hospital claimed in their part that they are not liable under the provisions of the Consumer Protection Act.

The privacy and security concerns of the patients have been given much impetus in modern context. With the adoption of electronic health records in the healthcare industry, data security can be effectively assured. In this regard, in consideration to the existing legal regulations, it is important to evaluate and discuss the security techniques in healthcare industries for the purpose of adopting effective electronic health records system. It is important to mention, in this regard that the data security methods and techniques has been categorized on the basis of three different themes which can be categorized as physical, administrative, and technical. Physical aspects involve physical updating of records by the staff or the patients into the data management system software over the internet or cloud server. First step is to enter the data manually into the computer system from paper and it requires proper vigilance and accuracy because if there is any inaccuracy or mistake in physical data entering or updating into the computer system, this will lead to inaccuracy in the further data management of the patient. Administrative aspect of data security in the healthcare industry involve management and regular maintenance of the medical and health related data of the patients on the cloud server and the data management system. This involves major role of the hospital or healthcare centre staff and to some extent also involves the role of the patient. Any kind of error while administrative management of the online health record of the patients, can lead to a serious problem and loss of sensitive information. When it comes to technical aspect of the data security and privacy of the medical records of the patients in the healthcare industry, it involves knowledge of technical knowhow of the patients as well as the staff present at the healthcare centers. It also involves technically sound data management system and technical issues related with it. There can be loss of all or part of the medical data saved over the cloud server electronically due to any kind of technical fault or discrepancy.  It is known to all that the information contained within electronic health records are quite sensitive in nature. Due to this reason, there is a requirement to introduce advanced security techniques. However, it is important on the part of these data security techniques to address the existing threats of the healthcare sectors. There present both advantages and disadvantages of the electronic medical records in the healthcare industry. Let’s discuss in detail major pros and cons of the online healthcare data management system.

In recent trends, there has been a transition from paper based records to storing of records electronically. As a result of such drastic implementation, the healthcare sectors benefitted a lot. An electronic health record (EHR) can be defined as the computerized format comprising of the health related information of the patient in a digital manner. The main importance of electronic health records is to facilitate sharing of data in regard to the medical records, history and medications of the patients. The information of the patients can be accessed remotely from any part of the globe in just a click with all the medical history and details and updating of the records also made easy and effortless. This made the whole process hassle free and very much convenient both for the patient as well as doctors. Other than this, a lot of benefits can be explained that comes with the transition from papers to online data management practices in the healthcare industry. Each benefit is important in their own way and usage both in case of management as well as accessing of the information. Therefore the advantages of the electronic medical records can be categorized as-

Introduction of electronic medical record system in the healthcare has reduced the level of medical errors to a great extent and hence improved the overall quality of patient’s care. It also helps the patient to better understand their medical condition and the cure prescribed. It is evident that computerised notes are easier to read and access than formal handwriting of a physician. Digitized daily care checklists and medical updates about the admitted patient make it easier and more efficient for the nurses to keep check regularly on the health of the patient.  This reduces the scope of any error and also saves time of the healthcare staff leading to better quality of the service. As a result of it, the risk of error is reduced considerably and positive impact is created upon the quality of care towards the patient.

Electronic medical records help in maintaining efficiency because due to its advent, the medical practitioners and the medical staffs shall be benefitted as there is no need to search relevant patient documents. This is due to the reason that, users would be able to access electronic health records timely and efficiently. Electronic medical record system makes it easier and quick for the patients to share their issues and health information with the physician or the doctor and this enables on time treatment and proactive care. Personal health record helps patients to manage their own health related information, track the progress and improvements and accordingly plan their medication and diets. This will lead to better and effective cure and on time examination and its treatment, making the process smooth and also helps in curing the disease at the earlier stages. The same data can be anytime shared with the dietician or the doctor for taking their review and feedback upon the progress or the changes needs to be made in the medication or diets. Caregiver can be regularly updated about the improvements in the health of the patient and can access the records whenever required and from any digital device, resulting in better connection between the patient and the caregiver.

Electronic health record helps in saving a huge amount of space of the office which has been pre-occupied by the documents containing the case history of the patients. With more and more changes in the lifestyle, more health issues are arising day by day and that has resulted in increased number of patients in any small or big hospital and even at the health centres. It is very much difficult to manage such level of medical records and information on papers and then get that much of storage space for maintaining and storing that data properly for uncountable years. In case of any loss of space or any kind of calamity whether natural or manmade, such as demolition or transfer of the medical setup, documents in the form of paper can be lost or get damaged easily. This will lead to loss of medical information and health records of the patients without any backup. In case of electronic health record management, all the data is saved over the servers in the cloud and hence there is no requirement of storage space for storing the papers and documents. Even the backup can be easily created for each kind of information about the patients and hence, this will not lead to any kind of loss of medical records. Patients can save copies of their medical and health records on their systems too.

Most of the electronic health records maintain a patient portal containing the medical history and relevant health information regarding the patients. So that at any point of time the information can be easily accessed remotely by the patient or his / her caretaker and doctor in care of need. Patient can easily see the detailed information and update it regularly through various digital devices. Information about the regular health updates of the patients can be easily passed on to the doctor for any kind of feedback if required. There are devices that can check the blood sugar level, blood pressure, etc. and simultaneously transfer the results to the server and save the current status. This result can then be compared with previous results of the same digital devices and the progress can be estimated in the treatment for example lowering or increase in the level of blood pressure or blood sugar level of the patient. This helps in regular check-up and tracking of the disease or any kind of medical condition on daily basis by the patient himself and can be passed on to the physician.

With the successful installation of an electronic health records medical claims like Medicare and Medicaid can be obtained which means that the patient is eligible to receive benefits from the deferral government. Electronic medical record system has been proved to save large amount of data management cost as there is requirement of no storage space when infrastructure is concerned. All the data is stored on the server over the internet. The data can be easily updated and accessed directly by the patients and the doctors. It saves the need of extra staff for managing and maintaining the papers and documents every now and then to update and save the medical records. Even the paper cost is getting saved with electronic health record system. By saving time of wring everything manually by the physicians and other caretaking staff, more effectiveness can be seen and less staff can be employed to do other tasks in better way. This will also reduce the overall cost spend on the staff by the hospitals and other healthcare units. Patients find it difficult to visit the hospital or the healthcare centre physically every time for small routine check-ups and updates. They can do it virtually over the digital devices and get it checked by the doctors from anywhere. This will save the time as well as cost of the patients too.

During the early years, the medical history of the patients was stored in paper records. This age old method has been replaced with electronic storing devices after electronic medical records came into being. Now all the information related to medical issues and medical history of the patient can be retrieved and accessed by the patients and the doctors electronically from anywhere and anytime. With emergence of technology like online data management system and cloud servers, all the paper records are being transferred and maintained over the internet electronically in most of the healthcare centres and hospitals. It is noteworthy to mention here that electronic medical records have certain disadvantages as compared to paper records which can be emphasized as-

It is a common issue with the usage of modern computer system is that it can be easily hacked. Similarly, electronic health record systems are vulnerable to hacking. As a result of it any kind of confidential information related to a sensitive patient can fall in the hands of a wrong person. The medical records contain a lot of personal and detailed information of the patients that can be accessed by anyone with false intensions and can be put to violation. With any kind of fault or failure of the server on which the medical records are saved, whole data about the patients will be lost completely. Among the various different issues that comes during the adoption and efficient implementation of the electronic data management system in the healthcare industry, major issue comes up is the data security and privacy. Still patient’s information is not completely safe and protected on the online data management systems. 

Providing wrong and inaccurate information related to the patient’s health can be observed in the electronic medical records. It is true that, each and every day, new record are being added however; it is necessary to keep these information updated in the electronic medical records. If the medical authorities fail to do so the patient shall rely upon inaccurate data which do not occur in case of paper records. In a day a large pool of patients visit a hospital or a healthcare centre. There occur manual entries of the medical information and data of the patients by the staff of the hospital. This is very much possible that there can be inaccuracy in the medical data updating and completeness of the information. This inaccuracy can occur with any level of updating the records. For example a patient is serious and due to need of immediate treatment some information is missed to be uploaded on the server, then this will affect the further treatment and lead to inaccuracy of the medical record. Prescriptions are updated and sent to patients regularly as per the current information and status of the health stored over the server about the patient. Any kind of inaccuracy in the records will lead to prescription of wrong medicine or can miss any important medicine. This will lead to harmful effects on the health of the patient. This makes paper records more accurate in comparison to electronic records management system in the healthcare industry.

Electronic medical records enables an individual to access the medical case data efficiently. However, many people are not aware of the modern technology. Therefore, as a result of it, it will be difficult for them to access their medical updates from time to time. Patients are of every age group, teenagers, infants, kids, young adults, and old age people. Most of them are old people with major health issues and need continuous and timely checkups and health updates in order to maintain proper check on their health in the old age. In comparison to young adults and teenagers, elderly and old age people are not that much tech savvy. They find it difficult to manage and maintain each and everything over the internet or electronically. A major part of the patients does not even know how to operate computer systems efficiently, then how will they access and update their medical records electronically. This makes the whole process of online management of the medical and health records difficult for the patients to understand. Many times this lead to failure in updating of the current situation or medication by the patients in their medical records and it creates inaccuracy and incomplete data.

With the implementation of electronic medical records, various potential liability issues are associated with it. It might occur that medical data can get lost or can be destroyed when there is a sudden transition from paper based data to a digitalized system. As a result of it treatment errors can arise. Since it is believed that doctors are given the authority to have access to medical data by using the electronic medical record; therefore the doctors shall be held liable if they did not access the information properly. In many small and big clinical centres, still the basic prescription is made on papers and then that information in manually uploaded by the staff over the server on the online data management system. This can result in any kind of mistake during updating the medical records from paper to online system. At the time of rush or when there are more number of patients, prescription can be exchanged and information can overlap during updating it on the system, this will create a major inaccuracy and loss of data. In pathologies and testing labs, it is very much important to maintain the accuracy and proper updating of records about the reports of the patients. Any kind of mistake or wrong information update can lead to severe consequences for the medical health of the patient.

Data security involves planning, development and the execution of security policies and procedures for the purpose of providing appropriate authentication and authorization to the existing data and information system. The specifications of data security and its protection are not uniform as it differs from one country to another. Therefore, data security is referred to the process of protecting digital privacy which is generally applied in order to prevent illegal or unauthorized access to computers and databases. It protects data from overall corruption. Data security is important for healthcare sectors for maintaining the confidentiality of medical conditions of the patients. Privacy and security of medical data is of major importance when it comes to successful adoption of any kind of medical assistive technology. Information related to age, gender, and health status, etc. are recorded and analysed in the records. All these personal information should be kept securely under strict vigilance. With time the cost of health premiums, health insurance, and healthcare facilities are increasing continuously. There comes the need for same level of proactive wellness and healthcare. This has led to the introduction and usage of digitized systems of maintaining medical records of the patients in electronic form. In healthcare industry, this has brought a paradigm shift. This has resulted in timeliness, complexity, and diversity in the sheer volume of healthcare data recorded in the healthcare industry. It is true that digital health records maintaining systems and big data is helping the medical and healthcare industry in making the process fast and proactive but with this, comes the major issues of data privacy and security. These aspects consist of the major reasons behind continuously growing vulnerabilities and threats emerging in the healthcare industry. With the emergence of cloud technology and saving all the personal online healthcare records of the patients on cloud, it becomes easy to access, manage, and maintain this information in a centralized way by the patients as well as by the doctors. This reduces the overall operational cost and makes the whole process electronically available. But this has led to loss of personal control on the personal health information by the patients. This calls for encryption of the medical data by the patients before making it stored on the cloud. Data encryption makes it too much challenging for anyone else to access the information as uploaded over the cloud server and makes the process efficient in relation with security and privacy aspects of the health data. One way of securing the personal information of the patients in case of medical records is by partitioning of the medical and the personal data from the information. Each portion is provided with an identification code. The part of the data containing personal information can be encrypted so as make it accessible only by the ones who have key for that encryption. The medical data part of the information is not encrypted and doctors can easily access that part whenever they need to. Each of these two parts of the data can be separately uploaded on the cloud system and can be accessed separately. Whole set of medical records can be only accessible by the people who get the key for accessing the complete medical records.

Conclusion:

In the conclusion, it can be stated that, a well preserved medical record has the capacity to maintain the details of a patient’s medical history. Confidentiality is something which is related to an individual’s self respect and trust. In medical practice, trust is the main foundation governing a doctor patient relationship. Therefore, it is important to preserve confidential information in a proper way. This is due to the reason that accurately preserved case notes has been safeguarding the ethical and legal interests of the patients for a long time. However, it acts as a shield to the healthcare practitioners from professional misconduct. In modern era, where litigation is considered to be inevitable, every healthcare institution should develop an organized Medical Records Department for the purpose of safeguarding confidential information related to the patient’s health condition. These records can be easily retrieved from electronic health records whenever necessary. It is noteworthy to mention here that, from the very beginning there have been a sudden shift from manual records system to electronic medical records as a reason of ease of storage and retrieval. It is evident that in modern era, the manual counterparts have been successfully replaced digital types notes. This is due to the reason that the age old manual technique was time consuming and sometimes inaccurate.

Digitally typed notes into an electronic device save much time and provides accuracy than handwritten notes. However, these electronic medical records do have few drawbacks as well which includes privacy concerns, misuse of information in regard to the range of advantages offered by these digitalized technique. Mention can be made about alleged medical malpractice which proves to be a major disadvantage of such digitalized practice. In spite of all these, it is known to all that electronic records are admissible as evidences presented before the court. Data encryption techniques can be adopted in order make the medical and personal records accessible with the use of key only. This can reduce the risk of information los or information misuse in case of online data management system in the healthcare industry. This will also help in making the information accessible to doctors and patients only and help in maintain the accuracy of the health related medical information. Regular updating and proper check on the medical records can make the process better and efficient. It can be finally concluded that, it is important to ensure the security of a computer system for the purpose of maintaining privacy and preventing unauthorized access to medical information.

References:

1. Cornelius v Taranto [2001] 68 BMR 62.
2. Dr C Venkatasamy, Director, Aravind Eye Hospital v. N Mariappan Tamil Nadu State Consumer Disputes Redressal Commission in order R.P.No.15/1998 dated 18/10/2002.
3. Force v. M Ganeswara Rao 1998 (3) CPR 251; 1998 (1) CPJ 413 (AP SCDRC).
4. H (A Healthcare Worker) V Associated Newspapers Limited: Ca 27 Feb 2002.
5. Kharak Singh vs. State of U.P (AIR 1963 SC 1295.
6. Aslam v. Ideal Nursing Home Orissa SCDRC 1994 (1) CPR 619.
7. Nihal Kaur v. Director, PGI, Chandigarh 1996 (3) CPJ 112 (Chandigarh (U.T.) CDRC).
8. Poona Medical Foundation Ruby Hall Clinic v. Marutirao L. Titkare NCDRC 1995 (1) CPJ 232: 1995 (1) CPR 661 (NCDRC) 1996 CCJ 70.
9. Raghunath G. Raheja v. Maharastra Medical Council (198 Bom AIR 1996).
10. Samira Kohli vs. Prabha Manchanda Dr. & ANR 1(2008) CPJ 56 (SC).
11. V P Shanta v. Cosmopolitan Hospitals (P) Ltd 1997 (1) CPR 377 (Kerala SCDRC).
12. W v Edgell [1990] 1 ALL ER 835.

13. Asija, Ruchika, and Rajarathnam Nallusamy. "Healthcare saas based on a data model with built-in security and privacy." International Journal of Cloud Applications and Computing (IJCAC)3 (2016): 1-14.
14. Barrows, Randolph C. and Paul D. Clayton. "Privacy, Confidentiality, and Electronic Medical Records." Journal of the American Medical Informatics Association2 (1996): 139–148.
15. Bates, David W., et al. "A Proposal for Electronic Medical Records in U.S. Primary Care." Journal of the American Medical Informatics Association1 (2003): 1–10.
16. Birkhead, Guthrie S., Michael Klompas, and Nirav R. Shah. "Uses of electronic health records for public health surveillance to advance public health." Annual review of public health36 (2015): 345-359.
17. Boonstra, Albert, Arie Versluis, and Janita FJ Vos. "Implementing electronic health records in hospitals: a systematic literature review." BMC health services research1 (2014): 370.
18. Chaturvedi, Anil. "Consent — Its Medico-legal Aspects." Medicine Update(2007): 883-887.
19. Corona, Lauren E., et al. "Use of other treatments before hysterectomy for benign conditions in a statewide hospital collaborative." American journal of obstetrics and gynecology3 (2015): 304-e1.
20. Dhanireddy, Shireesha, et al. "The urban underserved: attitudes towards gaining full access to electronic medical records." Health Expectations5 (2014): 724-732.
21. Ernst, M. E., et al. "Medication discrepancies in an outpatient electronic medical record." American Journal of Health-System Pharmacy21 (2001): 2072-2075.
22. Eysenbach, Gunther and Alejandro R. Jadad. "Evidence-based Patient Choice and Consumer health informatics in the Internet age." Journal of Medical Internet Research2 (2001).
23. Flint, Alexander C., et al. "Impact of increased early statin administration on ischemic stroke outcomes: a multicenter electronic medical record intervention." Journal of the American Heart Association8 (2016): e003413.
24. Fritz, Fleur, Binyam Tilahun, and Martin Dugas. "Success criteria for electronic medical record implementations in low-resource settings: a systematic review." Journal of the American Medical Informatics Association2 (2015): 479-488.
25. Gellert, George A., Ricardo Ramirez, and S. Luke Webster. "The rise of the medical scribe industry: implications for the advancement of electronic health records." Jama13 (2015): 1315-1316.
26. Goldstein, Benjamin A., et al. "Opportunities and challenges in developing risk prediction models with electronic health records data: a systematic review." Journal of the American Medical Informatics Association1 (2017): 198-208.
27. Gottlieb, Laura M., et al. "Moving electronic medical records upstream: incorporating social determinants of health." American Journal of Preventive Medicine2 (2015): 215-218.
28. Hillestad, Richard, et al. "Can electronic medical record systems transform health care? Potential health benefits, savings, and costs." Health affairs5 (2005): 1103-1117.
29. Islam, SM Riazul, et al. "The internet of things for health care: a comprehensive survey." IEEE Access3 (2015): 678-708.
30. Kaushik, Anjali, and Aparna Raman. "The new data-driven enterprise architecture for e-healthcare: Lessons from the Indian public sector." Government Information Quarterly1 (2015): 63-74.
31. Koo, Charles C. and Yuh-Ming Shyy. Washington, DC: Patent U.S. Patent No. 6,874,085. 2005.
32. Liao, Katherine P., et al. "Development of phenotype algorithms using electronic medical records and incorporating natural language processing." Bmj350 (2015): h1885.
33. Li, Ming, et al. "Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings." International conference on security and privacy in communication systems. Berlin, Heidelberg: Springer, 2010. 89-106.
34. Li, Zhuo-Rong, et al. "A secure electronic medical record sharing mechanism in the cloud computing platform." IEEE 15th International Symposium on Consumer Electronics (ISCE). IEEE, 2011. 98-103.
35. Ludwick, D. A. and John Doucette. "Adopting electronic medical records in primary care: lessons learned from health information systems implementation experience in seven countries." International Journal of Medical Informatics1 (2009): 22-31.
36. Mathiharan, Karunakaran. "Law on consent and confidentiality in India: A need for clarity." The National Medical Journal of India27 (2014): 39-42.
37. Nguyen, Lemai, Emilia Bellucci, and Linh Thuy Nguyen. "Electronic health records implementation: an evaluation of information system impact and contingency factors." International journal of medical informatics11 (2014): 779-796.
38. Patil, Harsh Kupwade and Ravi Seshadri. "Big Data Security and Privacy Issues in Healthcare." IEEE International Congress on Big Data. IEEE, 2014. 762-765.
39. Rodwin, Marc A. "Patient Data: Property, Privacy & the Public Interest." American journal of law & medicine4 (2010): 586-618.
40. Srivastava, Shirish C., and G. Shainesh. "Bridging the Service Divide through Digitally Enabled Service innovations; Evidence from Indian Health Care Service Providers." MIS Q1 (2015).
41. Tang, Paul C., et al. "Personal Health Records: Definitions, Benefits, and Strategies for Overcoming Barriers to Adoption." Journal of the American Medical Informatics Association2 (2006): 121–126.
42. Thompson, Gwen, et al. "Impact of the electronic medical record on mortality, length of stay, and cost in the hospital and ICU: a systematic review and metaanalysis." Critical care medicine6 (2015): 1276-1282.
43. Walsh, Stephen H. "The clinician's perspective on electronic health records and how they can affect patient care." Bmj7449 (2004): 1184-1187.
44. Wilkowska, Wiktoria and Martina Ziefle. "Privacy and data security in E-health: Requirements from the user’s perspective." Health Informatics Journal3 (2012): 191-201.
45. Zahabi, Maryam, David B. Kaber, and Manida Swangnetr. "Usability and safety in electronic medical records interface design: a review of recent literature and guideline formulation." Human factors5 (2015): 805-834.