Protect Patient Privacy Overview

PCC includes many different tools and features to help your practice make sure a patient’s medical information is protected.

This article includes an overview of how to use and configure PCC software to ensure that patients’ PHI is only available to those with permission to view it. For each topic covered, there are links to the specific feature article elsewhere on

Watch a Video: You can watch an overview video explaining the features in this article here: Patient Medical Record Privacy.

PCC System-Wide Protections

PCC EHR and the PCC revenue cycle management tools work hard behind the scenes to protect private health information by default.

The most obvious security measure is user logins. Every time anyone at your practice wants to view patient data, they must enter a password, which ensures that only authorized users have access to your files. Obviously this is not possible in the world of paper charting, where anyone could just walk into your office and start reading a patient’s private health information.

Beyond needing a “key” to view your data, a patient’s chart is encrypted whenever it is not actively being looked at. Your practice’s server has an encrypted hard drive, all backups of your data (locally and in the cloud) are also encrypted, and the secure communication standards we use when you send a claim or receive an electronic lab test result are encrypted as well.

Chart Audit Log

PCC automatically logs all user access to patient records.

Whenever someone at your practice even opens a chart, PCC EHR logs that activity. PCC keeps track of the date and time a chart was accessed, but also provides details about what type of “event” took place. For example, you can see which sections of the chart were accessed, modified, printed, deleted, etc., and by whom.

You can perform a quick and thorough audit by patient or employee with the PCC EHR Audit Log. You can audit a specific patient’s chart, to see everyone who has looked at that patient’s PHI, and you can audit a particular employee at your practice, to see which charts they have opened. It’s easy to run the report yourself, without outside assistance or configuration, in order to find any unauthorized access into your patient records.

Your practice can decide which users will have access to the PCC EHR Audit Log.

Configure Diagnoses and Orders to Be Private

Sometimes a patient has a sensitive diagnosis, lab, or other order, and you want to make sure that it doesn’t get pushed out to the portal or printed out on reports that mom and dad might see.

Alternatively, your practice may have a policy that specific orders (or all labs) are not released on the patient portal until the provider has spoken with the family.

How can you control whether or not diagnoses or labs appear in the patient portal or on the Patient Visit Summary?

Hide or Show an Individual Item

Every time you add a diagnosis or create any type of order, you can specify whether it will be shared on patient-facing materials.

For example, you can hide sensitive items on the Medical Summary for the patient. Just click the lock icon next to the problem, allergy, or family medical history item.

Similarly, while charting a visit, you can hide a diagnosis or order by unchecking the “Include on Patient Reports” box.

Click Edit to Edit Orders: When you work with orders, you will need to be in “Edit” mode in order to access the lock checkbox.

For more information on this topic, read Hide Sensitive Diagnoses from the Patient Portal and Patient Reports, on

Configure Sensitive Items To Be Hidden By Default

If your practice decides that a certain diagnosis or order should always be hidden (such as STD tests, for example), your practice can configure individual diagnoses or orders to be “locked” by default. Later, clinicians can adjust the order on a case-by-case basis.

Make a Diagnosis Hidden By Default

When you wish to make a diagnosis hidden by default, open the Diagnosis Configuration tool from the Tools menu.

Find the diagnosis, and double-click to edit. Uncheck the “Include on Patient Reports” box to change the default status of this diagnosis to private.

For more detailed instructions on hiding diagnoses, read the Configure Default Hidden Diagnoses section of the Hide Sensitive Diagnoses article.

Configure a Lab Order to Be Hidden By Default

You can use the Lab Configuration tool to set whether or not a lab order will be visible on reports and the Patient Portal by default.

Open the Lab Configuration tool from the Tools menu, and double-click on the lab that you want to make private.

Uncheck the “Include on Patient Reports” box to make this lab “locked” by default.

For more help on configuring lab orders, read the Lab Configuration article on

Hide Lab Orders Until They Are Reviewed: Some practices use the above setting to make all lab orders “hidden” from the Patient Visit Summary and patient portal (My Kid’s Chart) by default. After the clinician reviews the results with the family (for example), the practice edits the lab order and clicks the “Include on Patient Reports” checkbox. That makes the single instance of that lab visible for the family.

Hidden Orders and Diagnoses Appear on Time of Service Receipts: An order or diagnosis that is hidden will still appear on a time of service receipt, if it is generated after the charges have been posted.

Configure Other Orders to Be Hidden By Default

For all other types of orders, such as medical tests or referrals, you will use the Protocol Configuration tool to make them private by default.

Open the Protocol Configuration tool from the Tools menu, and select the Component Builder.

Find the relevant order component, and double-click to open it. Within the component, locate the specific order you want to make private, and double-click on it to edit.

Uncheck the “Include on Patient Reports” box to hide this order on reports and the Patient Portal by default.

For more help with configuring and editing orders, read The Component Builder, on

Teenagers and Privacy

A common privacy issue for pediatric practices is what to do about teenage patients. Depending on your state or region’s regulations, emancipation age can vary. PCC can handle whatever age it is at which your patients’ medical records become their own.

Teenagers and the Patient Portal

PCC’s patient portal, MyKidsChart, has an age-based privacy setting that you can configure to whatever age is appropriate for your practice. When a patient turns that age, all users who have not been granted specific permission will no longer have patient portal access to that patient’s records.

Open the Patient Portal Configuration tool, and use the Configuration tab of the Patient Portal Manager to set your practice’s emancipation age.

Portal access is based on an e-mail address that you’ve verified with the parent or patient. You can create a portal account for the patient and grant only them access to their account to review medical records.

Within the parent or guardian’s portal account, you can manually indicate that they should still have access to the patient’s portal account for some reason, even after the patient reaches the emancipation age. Maybe you have a written agreement where they are defined as a patient representative, for example.

To override the emancipation age for a patient, use the Administration tab of the Patient Portal Manager, select “Manage Portal User”, and find the parent or guardian’s account.

Within the column that says “Hide at age < >”, click on the “Yes” to turn it to a “No”. This will prevent the patient’s file from being hidden from this portal user when the patient reaches emancipation age.

Basically, you can set your practice’s default emancipation age, and then your staff can set medical record access on a patient-by-patient basis.

For more information about setting portal account permissions, read the My Kid’s Chart User Account Administration article on

Portal Messages are Private

As detailed above, a practice can designate which portal accounts can review patient medical information, no matter what the age.

Any patient, parent, or other authorized individual can have a portal account and use it to communicate with the practice. Even after a parent can no longer see a patient’s records, they can continue to send and receive portal messages, and a patient can communicate privately with the practice with their own portal account.

All Messages are Private: Portal message conversations are not stored in any email account. Messages between the practice and a portal account holder cannot be read by any other My Kid’s Chart user, even those users who have access to the same patient’s records. For example, two parents and a teenage patient, with three separate portal accounts, will not see each other’s communication with the practice. For more information, see the Patient Portal User Guide.

“Parent” Accounts for Patients

If a parent’s insurance company is billed for a patient’s visit, they may see that visit on their EOB from the insurance company, or on their bill.

If a patient’s visit should never be visible to a patient’s parent or guardian, is there anything you can do to prevent them from seeing it?

PCC is a family-based record system. That means that a patient’s medical record and the billing record are separate. When appropriate, you have the option of giving the patient their own account record. Within the Demographics section of their chart, you can create and assign an account for the patient so that they are their own guarantor. When that happens, all future charges will only be visible on their account.

For more detailed instructions on creating and reassigning accounts, read Add New Patients and Accounts on

Some practices instead elect to create a second, private patient chart to track sensitive visits for patients who are not yet adults. It works, but you need to have a practice-wide understanding of the policy, and train your clinicians on the workflow.

Confidential Communication Preference

You can define a patient’s communication preference, recording exactly who in the family should be contacted and how. This is another way to ensure private correspondence with your teenage patients.

The Confidential Communication Preference component is located right on the Demographics screen.

Confidential Notes

PCC EHR has a chart-wide component called Confidential Notes, which can be on the Medical Summary or right on the visit chart note. This is a place that clinicians can use to write notes that are only meant to be seen by certain staff.

Information stored in the Confidential Notes component will not print out on any reports, including the Health Information Summary, Patient Visit Summary, or the Summary of Care Record. It will not appear anywhere in the patient portal.

The Confidential Notes component is collapsed by default, which means that any notes that have been written do not appear visibly on the screen when a chart is opened. The person reviewing the chart will have to click on the arrow to expand the note section, and read whatever has been written.

PCC EHR logs any time someone opens or edits a patient’s Confidential Notes. Contact PCC Support if you need to audit this log.

For more information on this topic, read Confidential Notes and Other Confidential Fields, on

Clinical Alerts

You can use Clinical Alerts to warn your staff about privacy issues or a patient’s emancipation status.

For a special privacy concern, or if you just want to make sure that staff is aware of the patient’s age when accessing their record, PCC’s Clinical Alerts feature can trigger a reminder whenever the patient’s chart is opened.

To learn more about how to set up and use clinical alerts for your practice, read the Clinical Alerts article on

Office Policy Considerations Around Privacy

  • Access Permissions Form on File: It’s a good idea to have a signed “access permissions” form from patients and families that you keep on file. Import it and keep it in the Documents section of the patient’s chart. If you are establishing a patient representative, you should have a form for that, signed and placed in the patient’s chart as well.
  • Emancipation Age: You should have a practice policy on the Emancipation Age for patient portal access, with an explanation of exceptions around special-needs patients and other circumstances.
  • Know Your Tools: Your clinicians all need to know how the “Display on Patient Reports” checkbox and lock toggle work. One administrator at your practice can configure the defaults for sensitive labs and diagnoses, but it is important for clinicians to be able to review what’s happening in the moment, and to use these tools when charting, as needed.
  • Know Your HIPAA Protections: Have you done a Security Risk Assessment? Who is your practice’s HIPAA officer, and what’s your written policy?
  • Your State or Region’s Rules: Finally, your practice needs to know your state or region’s rules, laws and requirements. What are the laws around “patient representatives”? At what age does a parent need permission to access their child’s records? PCC has the tools to help you make it happen.

Last modified: November 29, 2022