Typically, it is of necessity to undertake greatest concern and endeavor while protecting the confidentiality of computerized medical records (Ball, 1973). This paper aims at examining the following queries: whether corrections should be date and time-stamped; when to advise a sick individual regarding the existence of databases that have been computerized, and which contain medical information with reference to that patient; when to notify a sick individual regarding the information that is not precise or purging-of-archiac; when to put the medical database that has been computerized online to the automated terminal; and when records are erased or destroyed by the service bureau of the computer, is it of necessity that the bureau verifies the erasure to the physician.
Ideally, corrections, specifically to medical records ought to be date and time-stamped. Furthermore, it is of necessity to identify the individual making the modifications to medical records because the records are deemed to be legal documents. For instance, if a court orders the medical records of a patient, it is of necessity to be aware of who made the alterations to the records and the time when those modifications were carried out.
Date and time-stamping records reminds the physician why a medical record was altered. Thus, the medical information that is confidential should only be inputted into the computerized medical records by personnel that have been authorized (Parmet, 1981).
Idyllically, it is of necessity to advise a patient regarding the existence of automated databases that contain his/her medical information. This information ought to be given to the patient prior to the records being released by the physician to the company that is storing that information. In fact, it is a patient's right to have an idea of where his/her records is being kept. Moreover, it is his/her right to be aware of who is accessing their records. It is of necessity for the patient to obtain full-disclosure of that information. Also, an apposite security level ought to be assigned to the patient's data for its degree-of-compassion, which then employed to control the access to information (Hayden, & Novik, 1980).
With regards to computer confidentiality, Hiller and Beyda (1981) asserted that it is of necessity to establish the purging attack procedures, as well as to establish the processes of imprecise information. The patient ought to be notified prior to the purge taking place. Nevertheless, the sick individual ought to be notified concerning the purge completion. To that effect, the patient is given an opportunity to access that information on a hard copy. No commingling should be in place, specifically between the computer service-bureau records and the computerized medical records of the physician. Processes to prevent unintentional mixing of records ought to be implemented.
The medical database that has been computerized ought to be online to the computer-terminal, but only at the time when the computer programs that have been authorized, and which require the medical records, are being employed. Superlatively, these computerized medical databases should not be accessible to external organizations and/or individuals. Indeed, security measures should be employed in controlling access. These security measures may encompass the following: file encryption; user identification; and user login passwords; and scannable badges.
And finally, when records are erased or destroyed by the service bureau of the computer, it is of necessity that the bureau verifies the erasure to the physician. For instance, if the physician's computer services are terminated, the physician ought to be provided with the computer files that have been maintained for him/her. Actually, they might be erased/destroyed, the moment it is found out that another copy (in similar form) is with the physician. In cases whereby the file has been erased, it is of necessity for the physician to be verified (in writing) by the computer-service bureau of the occurrence of the erasure (Winslade, 1982).
In conclusion, stern security processes ought to be implemented so as to minimize unauthorized access to computerized medical records.
As a matter of fact, audit procedures ought to be implemented so as to establish a medical record in cases whereby, there exists an unauthorized disclosure of computerized medical data.