Today, a growing number of patients wish to have access to their health information. There are several reasons for that. They may need to change a doctor, learn a second opinion or just want to get control of their health records and feel independent of their providers. Whatever the reason, the Right to be Informed and the Right to Information are provided by law and the norms of professional ethics. Therefore, medical businesses should give patients access to their info. However, there are some transferability and privacy issues.

So, what are the ways of sharing medical info with patients?

Addressing a doctor or a facility directly is traditional, and, probably, the most troublesome way. Imagine that you need to get your records from a doctor you haven’t seen for months or even years. You’ll have to visit the facility and ask the front desk officer to retrieve your history. Then you’ll need to find the needed items. Your doctor could help you, but if you want to see him or her, you will likely need to schedule a visit. Of course, nowadays patient info is frequently kept in digitized form as Word/Excel files or DICOM images. So why not ask the doctor to send the records via email or upload the DICOMs to some file sharing service? The problem is, most doctors would flatly refuse to do that because of HIPAA compliance issues, since all your charts, progress notes, and images are Electronic protected health information (ePHI), and violation penalties can reach up to $1.5 million. Therefore, direct addressing is challenging for both doctors and patients.

Electronic health records (EHRs) are a much more advanced digital solution, intended for entering, processing and sharing medical info. There are hundreds of vendors that offer reliable and HIPAA-compliant systems, which allow retrieving demographics, progress notes, images, insurance/billing information and much more. EHRs are a common and reliable way for sharing patient information, and, if properly used, they improve doctor-patient relations. Wherever patients go, their charts go with them. Still, there is one problem. The system is intended for use by healthcare professionals and typically does not provide direct patient access.

Instead, there are solutions designed specifically for patients and tailored to their needs. The architecture of such software applications varies, e.g. module-based solutions may have patient portals (or patient modules). A patient visits the portal, logs in and finds all the needed information – from progress notes and eligibility responses to bulky DICOMs. If the system is designed as a web application, it requires no installation and can be accessed at any time and from anywhere. This means that the patient can control his or her records and becomes physician-independent, which may be useful if the patient needs to change doctors. To ensure HIPAA compliance, vendors use various types of encrypted connections. Besides, the patient can by no means access unintended information, since he or she has access to only one module.

The system of patient portals or modules is secure for medical businesses and isn’t a challenge for the patients. And if the service is painless to the patients, it is profitable to the provider.