Data Ownership of EHR

For the purposes of these recommendations, the term “privacy” shall mean that only the person or persons, including organizations, duly authorized by the patient may view the recorded data or any part thereof. The term “security” shall mean that all recorded personally identifiable data will at all times be protected from any unauthorized access, particularly during transport (e.g. from healthcare provider to provider, healthcare provider to patient, etc.). The term “trust” shall mean that a person, persons or organizations (doctors, hospitals, and patients) are who they claim to be.
The following approaches are to be adopted wherever applicable to address the aspects that the terms mentioned above refer to:
  • Privacy would refer to authorization by the owner of the data (the patient).
  • Security would have as components both public and private key encryption; the encryption techniques used in transit and at rest need to use different methodologies.
  • Trust would be accepted whenever a trusted third party confirms identity.
Protected Health Information (PHI) would refer to any individually identifiable information, whether oral or recorded in any form or medium, that (1) is created or received by a stakeholder; and (2) relates to past, present, or future physical or mental health conditions of an individual; the provision of health care to the individual; or past, present, or future payment for health care to an individual.
Electronic Protected Health Information (ePHI) would refer to any protected health information (PHI) that is created, stored, transmitted, or received electronically. Electronic protected health information includes any medium use