HIPAA

Most facilities have forms that are specific to the facility that need to be filled out in order to allow access to medical records.

Texts are easy to fake and could be sent by anyone. Without actually having looked at your hospital's policies, there's a good chance HR is correct.

Also, thank you for spelling "HIPAA" correctly. Seriously. You kinda made my day.

Thank you for your response... I referred to my employee handbook and it states, "It is essential that we keep information about patients and employees absolutely confidential. Such information may only be shared with others at (my facility) on a "need-to-know" basis to enable them to effectively carry out their responsibilities. Unauthorized access or release of private or confidential (i.e. patient, employee or company) information may result in disciplinary action including termination of employment."

Right. That's pretty standard. Somewhere in your company's policy, there is an official process for obtaining one's personal health records. There, it will spell out the process to obtain access to those records either oneself or by proxy (through your friend, for instance).

Talk to the folks in medical records. They surely can tell you the process and probably the policy supporting it.

My former employer didn't allow employees to access their own records. They certainly would not allow this and would fire her over it. It's all about what the policy is. If I access my records...fired.

I believe there are 2 separate issues to consider here: 1. A probable HIPAA violation, and 2. The unauthorized release of test results.

You may be able to convince HR that you asked and gave permission to your friend to look up your record, but it is still a HIPAA violation that she did so, because she had no need for that information.

Also, most institutions have policies regarding who may release test results and diagnoses to patients. Since she was not involved in your care or authorized by your physician, she most likely violated that policy also.

I'm sorry for your circumstances, but your unwillingness to wait for your doctor's office to speak with you has put your friend in a very bad place.

Also, thank you for spelling "HIPAA" correctly. Seriously. You kinda made my day.

Hear, hear!

And you have made mine by not writing, "Here, here!"

My hospital (which is connected to a clinic system) does not allow employees to access our own EHR. We were advised during our EHR training day that we could be terminated for doing so; we either have to sign up for "My Chart" which allows us to see test results but not things like provider notes, or we have to follow the official protocol for requesting our records--the same as any other pt does.

If you hospital has a similar policy, it sounds like you weren't authorized to give this type of permission to your friend. Your friend also should have known better.

I do hope that everything works out for both of you, and of course hope your back is ok!