• A
  • |
  • A
  • Text size

AMA Provides Guidelines for Breach of Information in Electronic Medical Records

New AMA principles promote patient security

For immediate release
June 15, 2009

CHICAGO – To protect the privacy and security of patients, the American Medical Association (AMA) today adopted new guiding principles for physicians in the event a patient's electronic medical record is breached. The four guidelines outline specific steps for physicians to take to protect patient information and were adopted at the AMA's Annual policy-making meeting.

"Protecting the privacy and safety of patient information, whether in a paper record or an electronic medical record, is a top priority for physicians," said AMA Board Member William A. Dolan, MD. "Physicians need a standard protocol to follow to maintain patient security in the event of a breach of personal information."

Medical information housed in an EMR travels from patient to health care provider to health insurance industry with limited regulation and oversight. Security breaches can happen and physicians need guidance about their responsibilities if health information has been compromised.

The new AMA guidelines ask physicians to:

  1. ensure patients are properly informed of the breach
  2. follow ethically appropriate procedures for disclosure
  3. support responses to security breaches that place the interests of patients above those of physician, medical practice or institution
  4. to the extent possible, provide information to patients to enable them to diminish potential adverse consequences of the breach of personal health information.

"EMRs are the wave of the future, so it is important for both patients and physicians to feel secure" said Dr. Dolan. "These new guidelines prepare physicians to help for patients in the unfortunate situation of an information breach."


For additional information, please contact:

AMA Annual Meeting Pressroom
(312) 239-4991

Kate Cox
AMA Media Relations
(312) 464-4443