Security and confidentiality in an electronic medical record.

The maintenance of privacy and confidentially must remain a core principle of the interaction between patients and medical staff. Traditionally, the single paper copy of the medical history has been treated with systematic handling, careful tracking, and respect for the integrity and confidentiality of the contents. The widespread availability of computerized information requires that these principles be maintained in the electronic environment. Security measures should protect sensitive data without hindering medical practice. At Mayo, we have established data security policies and standards for the handling of all electronic information. Dissemination and communication of these standards and guidelines are an ongoing challenge. Technical maneuvers can be employed to protect data integrity, identify users, and monitor compliance. Personnel policies must be updated to reflect the responsibilities and liabilities of the electronic environment. Practice efficiencies and access to clinical data must be balanced by individual responsibility and accountability for privileged patient information.