At its annual meeting, the American Medical Association (AMA) on Monday (6/15/09) announced the adoption of "guiding principles" to be followed by physicians in the event of a breach of security of electronic medical records (EMRs) containing patient data. According to the AMA press release, under the guidelines a physician should:
- ensure patients are properly informed of the breach
- follow ethically appropriate procedures for disclosure
- support responses to security breaches that place the interests of patients above those of the physician, medical practice or institution
- to the extent possible, provide information to patients to enable them to diminish potential adverse consequences of the breach of personal health information.
Although not a mandate, the guidelines represent a step in the right direction as EMRs proliferate. For more information, see the AMA website.