Breach of HIPAA to look up one's own medical records at work?? | allnurses

Breach of HIPAA to look up one's own medical records at work??

  1. 3 Just wondering what the rationale for this rule is- we are not allowed to enter the chart of any patient unless it is for patient care- which of course makes sense. However we were told that this includes our own charts. I can understand management not wanting us to be using company time for personal things, but they say that a consequence of looking at our own medical record can include termination, which I don't understand if we can request access to our chart via the medical records department anyway? Any thoughts?
  2. Visit  sapphire18 profile page

    About sapphire18, BSN, RN

    sapphire18 has '6' year(s) of experience and specializes in 'ICU'. From 'East Coast'; Joined Jul '09; Posts: 1,338; Likes: 2,200.

    24 Comments so far...

  3. Visit  Anoetos profile page
    Where I work, you have to sign a form to access your own chart. This is given to every new hire. But yeah, if you don't sign it, you can get in trouble if you peek.

    Not sure why, I agree it seems counterintuitive.
    MDtraumaRN and sapphire18 like this.
  4. Visit  Rose_Queen profile page
    We have to go to medical records and sign the form. Kind of evens the playing field- Joe Shmoe can't just walk up to a computer and pull up his records; why should we be any different just because we happen to work at the place that has our medical record? And accessing our own record isn't related to patient care in any way. Many places offer websites where patients can look up their own information anyway.
  5. Visit  sapphire18 profile page
    But, why does the playing field *need* to be evened?
    BrnEyedGirl likes this.
  6. Visit  elkpark profile page
    It is a HIPAA violation because the facility is failing to keep the records secure. The organization/facility is required by state and Federal law to have an established process for protecting and appropriately releasing medical records that applies to everyone. From the facility's perspective (and that of the state and Federal regulatory agencies), it makes no difference whether the individual is an employee or not. They are required to follow their own policies and rules, which typically means formally requesting the record and signing the necessary release forms. Every facility I've ever worked for, and every facility I surveyed when I worked as a hospital surveyor for my state and CMS, had a policy for releasing individuals' records to them on request, and that policy did not include employees just being able to pull their records up on a computer at work; employees were required to go through the same process as everyone else (and, yes, violating the policy could be grounds for termination). State and Federal confidentiality laws restrict employees' access to records to a "need to know in order to provide care" standard, and you don't "need" to access your own records in order to provide care to yourself.
    VickyRN, NRSKarenRN, BlueDevil,DNP, and 7 others like this.
  7. Visit  nurse2033 profile page
    Yeah, it's the process that the facility cares about. There is a legal process for accessing medical records that you must follow. It's that simple, a pain but the reality.
  8. Visit  psu_213 profile page
    In the time I have been working for this system (about 4 years) it has gone from not being able to look up you records on the computer to now where you are able to look at your records on the computer without having to go through medical records. I'm not sure the rationale for not being able to view your own records. On this issues of security/ don't need to see your records to provide care to yourself, but I cannot see how accessing your own record constitutes a HIPAA violation R/T security of the information.

    On the other hand, an employee is never allowed to look up someone else's information, even if they are legally allowed to view it. The obvious example of this is a parent looking up their minor child's chart.
    sapphire18 likes this.
  9. Visit  Dazglue profile page
    I guess it depends on the facility. We were informed we could look up our own records and all of our old charts. Not only that, but now we are also able to go to the facility's intranet and we able to sign in and view every lab, diagnostic test, test results, etc., ever. And this is available from home as well.
  10. Visit  Esme12 profile page
    That is why it is not an actual violation of HIPAA for you cannot violate your own privacy and healthcare information. You "need to know" your healthcare information in order to provide yourself care and make healthcare decisions. If it was a HIPAA violation the facilities that allow patient access to their lab results, tests results etc would be in violation.

    It is more of a facility policy of unauthorized use of the hospitals computer system for personal use that is prohibited.....and liability if you leave your information to be seen.........but HIPAA laws are widely interpreted differently by facilities that claim HIPAA and it isn't HIPAA. If your facility allowed you to look you could look....your facility prefers to have a policy that forbids employees from accessing their personal records during work time and want the proper paper work filled out (probably so they can charge).

    So....if your facility has decided that you may not look up your own record then you can't. If you are required to go through medical records than that is what you must do. If the punishment says that you can be fired then you can be fired.

    It their game their rules.

    The answer: Is this a HIPAA violation?
    VickyRN, NRSKarenRN, GrnTea, and 8 others like this.
  11. Visit  tewdles profile page
    It is likely not a HIPAA violation to view your own record...
    It is likely a violation of your employer policy to view your own record...
    MrChicagoRN and sapphire18 like this.
  12. Visit  KelRN215 profile page
    I used to run into similar problems working in the hospital. I worked in a pediatric hospital and every now and again, we'd have a patient whose parent worked at the hospital. I once walked into a room and found my patient's mother (An Attending Physician at the hospital) logged into the COW we used for medication scanning. She knew that she wasn't supposed to be on it but didn't so much as apologize when I caught her. She was looking up her daughter's lab values, reading her chart, etc. I was never a patient at this hospital except for one time when I was a nursing student and had a fainting spell... my preceptor and I looked up what the ER wrote about me after that. It's not a HIPAA violation- you have a right to your own information- but, as others said, may be a violation of facility policy.
  13. Visit  mariebailey profile page
    What!?! HIPAA does not just protect your records from unauthorized disclosure, it also gives you, as the patient, the right to view your records. Your employer is violating HIPAA by not allowing you to view your records upon request. It looks like it's how you go a/b it that could be the problem. For Consumers
  14. Visit  psu_213 profile page
    Quote from mariebailey
    What!?! HIPAA does not just protect your records from unauthorized disclosure, it also gives you, as the patient, the right to view your records. Your employer is violating HIPAA by not allowing you to view your records upon request. It looks like it's how you go a/b it that could be the problem. For Consumers
    Wait...the facilities that prohibit employees from looking up their own charts on the computer are not preventing employees from seeing their records, the are just dictating how they get the information (i.e., they have to go through medical records...the cannot look them up on their own). While I think it is kinda silly to not allow employees to view their own medical records, the hospital is within their rights to force employees to go to medical records like everyone else.
    maelstrom143, dudette10, elkpark, and 2 others like this.

Must Read Topics

Visit Our Sponsors