Breach of HIPAA to look up one's own medical records at work??
- 3Oct 22, '12 by sapphire18 GuideJust wondering what the rationale for this rule is- we are not allowed to enter the chart of any patient unless it is for patient care- which of course makes sense. However we were told that this includes our own charts. I can understand management not wanting us to be using company time for personal things, but they say that a consequence of looking at our own medical record can include termination, which I don't understand if we can request access to our chart via the medical records department anyway? Any thoughts?
- 0Oct 22, '12 by Rose_Queen, MSN, RN GuideWe have to go to medical records and sign the form. Kind of evens the playing field- Joe Shmoe can't just walk up to a computer and pull up his records; why should we be any different just because we happen to work at the place that has our medical record? And accessing our own record isn't related to patient care in any way. Many places offer websites where patients can look up their own information anyway.
- 10Oct 23, '12 by elkparkIt is a HIPAA violation because the facility is failing to keep the records secure. The organization/facility is required by state and Federal law to have an established process for protecting and appropriately releasing medical records that applies to everyone. From the facility's perspective (and that of the state and Federal regulatory agencies), it makes no difference whether the individual is an employee or not. They are required to follow their own policies and rules, which typically means formally requesting the record and signing the necessary release forms. Every facility I've ever worked for, and every facility I surveyed when I worked as a hospital surveyor for my state and CMS, had a policy for releasing individuals' records to them on request, and that policy did not include employees just being able to pull their records up on a computer at work; employees were required to go through the same process as everyone else (and, yes, violating the policy could be grounds for termination). State and Federal confidentiality laws restrict employees' access to records to a "need to know in order to provide care" standard, and you don't "need" to access your own records in order to provide care to yourself.
- 1Oct 23, '12 by psu_213, BSN, RNIn the time I have been working for this system (about 4 years) it has gone from not being able to look up you records on the computer to now where you are able to look at your records on the computer without having to go through medical records. I'm not sure the rationale for not being able to view your own records. On this issues of security/confidentialilty....you don't need to see your records to provide care to yourself, but I cannot see how accessing your own record constitutes a HIPAA violation R/T security of the information.
On the other hand, an employee is never allowed to look up someone else's information, even if they are legally allowed to view it. The obvious example of this is a parent looking up their minor child's chart.
- 0Oct 23, '12 by DazglueI guess it depends on the facility. We were informed we could look up our own records and all of our old charts. Not only that, but now we are also able to go to the facility's intranet and we able to sign in and view every lab, diagnostic test, test results, etc., ever. And this is available from home as well.
- 11Oct 23, '12 by Esme12, BSN, RN Senior ModeratorThat is why it is not an actual violation of HIPAA for you cannot violate your own privacy and healthcare information. You "need to know" your healthcare information in order to provide yourself care and make healthcare decisions. If it was a HIPAA violation the facilities that allow patient access to their lab results, tests results etc would be in violation.
It is more of a facility policy of unauthorized use of the hospitals computer system for personal use that is prohibited.....and liability if you leave your information to be seen.........but HIPAA laws are widely interpreted differently by facilities that claim HIPAA and it isn't HIPAA. If your facility allowed you to look you could look....your facility prefers to have a policy that forbids employees from accessing their personal records during work time and want the proper paper work filled out (probably so they can charge).
So....if your facility has decided that you may not look up your own record then you can't. If you are required to go through medical records than that is what you must do. If the punishment says that you can be fired then you can be fired.
It their game their rules.
The answer: Is this a HIPAA violation?