The patient record, whether it is a paper copy or an electronic version, is the business record of the health care system. Patients have the right to keep information about themselves from being disclosed to others. Computer systems that house EHRs must be encrypted for security purposes and only those providers that participate in some phase of treatment or management of the patient should be allowed access to the patient record according to long standing HIPAA (Health Insurance and Portability and Accountability Act) guidelines. The EHR is a communication tool that supports clinical decision making and encompasses many aspects of patient treatment including quality assurance, patient education, and coordination of treatment, legal protection and research [15]. The physician, dentist, practice or organization is the owner of the patient record, but the patient owns the information in the record [15].

The patient or their legal representative is responsible for the care, custody and control of the EHR [16]. Adult patients must be able to make their own decisions concerning healthcare which includes the sharing of their health information with other entities. They must be able to provide consent when their health information is to be shared with an entity outside of the practice that is providing their care. When a patient is unable to make their own decisions concerning their care due to age or some incapacity then a representative or legal guardian must make these decisions within the best interests of the patient [16].

The increased use of EHRs has also increased concerns for the security of patient’s health information. Additionally, the widespread use of mobile devices such as smartphones has heightened concerns from information technology consultants that confidential patient information can be compromised. The HITECH Act mandates that the Department of Health and Human Services conduct periodic security audits of health care providers, as well as their business associates [17]. Although the odds of a practice or clinic being audited would be low at least, this threat should compel health care entities to focus on eliminating potential violations which would include data safeguards and other policy and procedural measures to designed to protect the privacy of patient data.

When patient health records were strictly paper charts the control of a patient’s health information was much easier to manage. With advent of the EHR and the data being entered, stored and retrieved electronically a new level of complexity to controlling this information has been added, as well as presenting conflicts with the ethical principles of beneficence, autonomy, fidelity and justice [18]. Autonomy can be breached when health care data is shared or linked without the patients’ knowledge, fidelity can be lost when proper security measures are not applied and justice can be breached when equal access to health information is disparate due to income, literacy, disabilities or other socioeconomic factors [18].

Privacy and confidentiality remain core components of patient rights, but evidence does suggest that the extent of the respect for these rights may be declining [19]. Violations of patient privacy may be easier than ever before because of the efficiency of computerized systems. Thus the potential for a confidentiality breach is increased due to the ease with which data can be replicated and distributed via the computer [19]. Additionally, protecting the privacy of a patient’s Protected Health Information (PHI) can be challenging in an electronic environment. These measures often involve the use of unique user IDs and passwords, encryption, remote access controls and computer privacy screens [5]. Protection of PHI involves not only the implementation of measures impacting computer hardware and software, but also on the individual clinician level. Practitioners must be well trained in HIPAA regulations, understand the appropriate ways to manage PHI, understand the issues of shared parenting (consent issues), know what information is appropriate to share with other providers and be aware who is requesting access to PHI [5].

One of the greatest potentials for an ethical breach is in the area of inappropriate access to PHI. Some examples of the issues of access may be: lost or stolen passwords, not properly logging out of computers, not using privacy screens in high patient traffic areas and improper sharing of PHI through e-mail to name just a few. Access of PHI for the purposes of the greater good of the patient has to be balanced against the issue of the personal privacy of the patient [20]. Also, as EHRs and the information contained within the patient record become more widely accessible what groups of providers or ancillary support staff should have access this data and what level of access should be granted? That is, for example, does a laboratory technician, a nurse and a pharmacist, all of whom may participate in a patient’s treatment, be provided equal access to the patient’s data in the EHR and at what level should this access be? Also, if the patient was diabetic and the pharmacist was prescribing medication would it be helpful for him or her to know the patient’s latest HbA1c values? Ultimately, no matter how far technology advances or how interconnected and widespread EHRs become the providers or end-users must still manage the EHR by adhering to sound ethical principles.

Along with the proliferation of EHRs have come some challenges that must be met and solutions that must be devised. EHRs provide a way to electronically enter, manage and retrieve large amounts of patient data. Along with the ease of operations in using EHRs comes the ease with which users can create ethical challenges in the way in which patient data is managed. The ease with which previously written clinical or progress notes can be copied and pasted is a potential problem in the record. If there are errors in the text that was copied then those errors will continue to be reproduced [21]. Additionally, if clinic notes are copied from other providers, as may be the case once there is better interconnectivity, then there may not only be errors that may be reproduced, but the issue of plagiarism also becomes a factor.

Another timesaver that is becoming more routinely used is the note template. Practitioners may create a note template that might have standardized language that would be common to a particular oft used procedure. The clinician may often prepopulate the note field with this standardized note and then edit the note following the procedure. Unfortunately, when the clinician is rushed the note may not get properly edited [21]. There are many other shortcuts that can be utilized with EHRs that make record entry and data management much easier for the clinician, but have the potential for pitfalls.

The ability to enter patient data into the EHR chair-side now also makes record entry so much more efficient. As detailed earlier in this chapter, real time data entry, although convenient for the provider, may cause a break in the attention given to the patient. The clinician must constantly divert his or her attention from the patient and onto the computer screen. This break can be perceived by the patient as a lack of attentiveness to their health issues, and secondly the clinician must use his observation skills when asking a patient about his health to see his or her non-verbal reactions. This is an important aspect of medical and dental history taking that may be lost as the doctor-patient relationship is interrupted by the computer [21].