At its annual meeting, the American Medical Association (AMA) on Monday (6/15/09) announced the adoption of "guiding principles" to be followed by physicians in the event of a breach of security of electronic medical records (EMRs) containing patient data. According to the AMA press release, under the guidelines a physician should:

  1. ensure patients are properly informed of the breach
  2. follow ethically appropriate procedures for disclosure
  3. support responses to security breaches that place the interests of patients above those of the physician, medical practice or institution
  4. to the extent possible, provide information to patients to enable them to diminish potential adverse consequences of the breach of personal health information.

Although not a mandate, the guidelines represent a step in the right direction as EMRs proliferate. For more information, see the AMA website.