What is a PHR?
A PHR is a Personal Health Record. It is a method of tracking and communicating your specific health information to healthcare professionals. The PHR can be used in a wide range of circumstances, including doctor visits, dental check-ups, pharmaceutical visits, and of course, in emergency situations. We provide an Electronic PHR or E-PHR, which is much easier to update and is designed in a format that provides the information in a clear, concise manner that “Doctors Need to Know.”
Why would I want to keep a PHR?
Your health information is scattered across many different providers and facilities. Keeping your own complete, updated and easily accessible health record means you can play a more active role in your healthcare. You wouldn’t write checks without keeping a check register. The same level of responsibility makes sense for your healthcare.
A patient’s own PHR offers a different perspective, showing all your health-related information. It can include any information that you think affects your health, including information that your doctor may not have, such as your exercise routine, dietary habits, or glucose levels if you are diabetic.
Also, the PHR is a critical tool that enables you to partner with your providers.
It can reduce or eliminate duplicate procedures or processes, which saves dollars, your time, and the provider’s time. The information you gather gives you knowledge that assists your preparation for appointments.
With your PHR, you can:
- Knowledgeably discuss your health with healthcare providers
- Provide information to new caregivers
- Have easy access to your health information while traveling
- Access your information when your doctor’s office is closed
- Record your progress toward specific health-related goals
- Refer to physician instructions, prescriptions, allergies, medications, insurance claims, etc.
- Track appointments, vaccinations, and numerous other wellness healthcare services
What is the training for people involved in managing my health records?
Typically, the people who are responsible for the oversight and management of all patient health records have received specialized training in health information management. In fact, many of these individuals have college degrees and have passed an examination earning the certification of either Registered Health Information Technician or Registered Health Information Administrator. To learn more about the education standards for this profession, visit AHIMA.
Where can I locate the federal and state laws that govern the disclosure of my health information?
For information about the health information laws in your state, visit The Center for Democracy & Technology.
Most health records are subject to the HIPAA Privacy Rule.
Health records originated by the federal government, such as the Veterans Administration or Indian Health Services, are also subject to the Privacy Act of 1974.
Health records originated by federally subsidized substance abuse programs are subject to the Confidentiality of Alcohol and Drug Abuse Patient Records rule.
If you believe your privacy rights have been violated, you should contact the Privacy Officer of the provider where you believe the violation occurred to try to resolve your concern. If you are unable to resolve your concern locally, you can file a formal complaint regarding the organization’s privacy practices directly to the organization, health plan, or to the Department of Health and Human Services’ Office for Civil Rights (OCR). The OCR is charged with investigating complaints and enforcing the privacy regulation.
Complaints to the OCR must be filed in writing, either on paper or electronically. Name the provider that violated your rights under the privacy rule, and describe what occurred. Complaints must be filed within 180 days of when you realized the act or omission occurred. Violations must have occurred on or after April 14, 2003, for the OCR to have any authority to investigate. For additional information on filing a complaint, visit the OCR website.
Is My Information Confidential?
All personal member information is kept in a secure database using encryption technology, and it can be changed only by the member. All information obtained by healthcare professionals is in a read-only format and cannot be changed in the database.
Is drIDme subject to HIPAA Privacy Guidelines?
DrIDme is not considered a covered entity under the HIPAA guidelines. However, drIDme feels that your medical record confidentiality is our top priority. DrIDme’s intent is to communicate with healthcare personnel to collect your medical information as a superior service to you and also provide the necessary information in case of an emergency. All healthcare providers are covered entities under the HIPAA guidelines and will treat your record as protected health information.
Is my data safe?
Yes. drIDme’s security policies meet 100% of the technical and security requirements of 45 CFR Parts 160 and 164, subparts A and C. Our technical infrastructure is housed at an SSAE 16 Type II SOC 1 certified facility which undergoes annual independent audits. drIDme is also independently accredited by the Electronic Healthcare Network Accreditation Commission (EHNAC), Registration Authority (RA), and Certificate Authority (CA). EHNAC performs a comprehensive review of drIDme’s technical infrastructure, policies and procedures in alternating years. Finally, drIDme also has an audited business recovery plan.
Will drIDme notify me when I receive a Direct message?
Yes. A message notification feature is standard to the Direct Mails Version 3.0 product. Notifications can be either an SMS message to a smartphone or an email notification to a designated non-Direct address.
Is there a directory of Direct addresses?
Yes. drIDme supports access to the DirectTrust.org directory in three ways: a filter tool on the max.md website, the native address book within Hosted Direct Mail Version 3.0 accounts, and by calling the directory through an API. Direct policy requires that you be part of the directory in order to access it.
What is identity proofing?
Direct operates as a Trusted Network designed to improve interoperability between disparate systems and improve care coordination between healthcare professionals and the patients they serve. It is the identity proofing aspects of the Direct Protocol that create a spam-proof, spoof-proof network with a foundation of trust-in-identity. Direct policy requires each user of the Direct Protocol to be proofed to NIST Level of Assurance 3, which is satisfied with two forms of ID.