Breach of HIPAA to look up one's own medical records at work??

Nurses HIPAA

Published

Specializes in ICU.

Just wondering what the rationale for this rule is- we are not allowed to enter the chart of any patient unless it is for patient care- which of course makes sense. However we were told that this includes our own charts. I can understand management not wanting us to be using company time for personal things, but they say that a consequence of looking at our own medical record can include termination, which I don't understand if we can request access to our chart via the medical records department anyway? Any thoughts?

Specializes in Emergency Nursing.

Where I work, you have to sign a form to access your own chart. This is given to every new hire. But yeah, if you don't sign it, you can get in trouble if you peek.

Not sure why, I agree it seems counterintuitive.

Specializes in OR, Nursing Professional Development.

We have to go to medical records and sign the form. Kind of evens the playing field- Joe Shmoe can't just walk up to a computer and pull up his records; why should we be any different just because we happen to work at the place that has our medical record? And accessing our own record isn't related to patient care in any way. Many places offer websites where patients can look up their own information anyway.

Specializes in ICU.

But, why does the playing field *need* to be evened?

It is a HIPAA violation because the facility is failing to keep the records secure. The organization/facility is required by state and Federal law to have an established process for protecting and appropriately releasing medical records that applies to everyone. From the facility's perspective (and that of the state and Federal regulatory agencies), it makes no difference whether the individual is an employee or not. They are required to follow their own policies and rules, which typically means formally requesting the record and signing the necessary release forms. Every facility I've ever worked for, and every facility I surveyed when I worked as a hospital surveyor for my state and CMS, had a policy for releasing individuals' records to them on request, and that policy did not include employees just being able to pull their records up on a computer at work; employees were required to go through the same process as everyone else (and, yes, violating the policy could be grounds for termination). State and Federal confidentiality laws restrict employees' access to records to a "need to know in order to provide care" standard, and you don't "need" to access your own records in order to provide care to yourself.

Specializes in ER, ICU.

Yeah, it's the process that the facility cares about. There is a legal process for accessing medical records that you must follow. It's that simple, a pain but the reality.

Specializes in Emergency, Telemetry, Transplant.

In the time I have been working for this system (about 4 years) it has gone from not being able to look up you records on the computer to now where you are able to look at your records on the computer without having to go through medical records. I'm not sure the rationale for not being able to view your own records. On this issues of security/confidentialilty....you don't need to see your records to provide care to yourself, but I cannot see how accessing your own record constitutes a HIPAA violation R/T security of the information.

On the other hand, an employee is never allowed to look up someone else's information, even if they are legally allowed to view it. The obvious example of this is a parent looking up their minor child's chart.

I guess it depends on the facility. We were informed we could look up our own records and all of our old charts. Not only that, but now we are also able to go to the facility's intranet and we able to sign in and view every lab, diagnostic test, test results, etc., ever. And this is available from home as well.

Specializes in Critical Care, ED, Cath lab, CTPAC,Trauma.

That is why it is not an actual violation of HIPAA for you cannot violate your own privacy and healthcare information. You "need to know" your healthcare information in order to provide yourself care and make healthcare decisions. If it was a HIPAA violation the facilities that allow patient access to their lab results, tests results etc would be in violation.

It is more of a facility policy of unauthorized use of the hospitals computer system for personal use that is prohibited.....and liability if you leave your information to be seen.........but HIPAA laws are widely interpreted differently by facilities that claim HIPAA and it isn't HIPAA. If your facility allowed you to look you could look....your facility prefers to have a policy that forbids employees from accessing their personal records during work time and want the proper paper work filled out (probably so they can charge).

So....if your facility has decided that you may not look up your own record then you can't. If you are required to go through medical records than that is what you must do. If the punishment says that you can be fired then you can be fired.

It their game their rules.

The answer: Is this a HIPAA violation?

Specializes in PICU, NICU, L&D, Public Health, Hospice.

It is likely not a HIPAA violation to view your own record...

It is likely a violation of your employer policy to view your own record...

Specializes in Pedi.

I used to run into similar problems working in the hospital. I worked in a pediatric hospital and every now and again, we'd have a patient whose parent worked at the hospital. I once walked into a room and found my patient's mother (An Attending Physician at the hospital) logged into the COW we used for medication scanning. She knew that she wasn't supposed to be on it but didn't so much as apologize when I caught her. She was looking up her daughter's lab values, reading her chart, etc. I was never a patient at this hospital except for one time when I was a nursing student and had a fainting spell... my preceptor and I looked up what the ER wrote about me after that. It's not a HIPAA violation- you have a right to your own information- but, as others said, may be a violation of facility policy.

What!?! HIPAA does not just protect your records from unauthorized disclosure, it also gives you, as the patient, the right to view your records. Your employer is violating HIPAA by not allowing you to view your records upon request. It looks like it's how you go a/b it that could be the problem. For Consumers

+ Add a Comment