Hi, I have a friend that has been found to have used epic inappropriately. She stated that she typed in names of coworkers, pulling up their facesheet, but did not open their chart. She's very frantic at this point said she doesn't know what she was thinking and knows it was a really dumb move. Anywho, HR has suspended her while they are investigating. I'm trying to help her with this situation but I'm not sure how to guide her. Is there anything I can say to help her out or is there any advice I could possibly give her to help her keep her job as far as advising her what to say and/or do at this point?
"Why are you not shaking in your boots about this rule like everyone else is?"
Because I don't violate HIPAA.
"I would NEVER!! I can't believe someone would do this".
Haven't we all seen way worse behavior from our coworkers?? Supervisors want to be everyone's friend and look the other way these days. They are afraid of losing staff.
Specializes in Advocacy, ethics, reform are long-term goals..
As someone who has had a malicious coworker do this to me and then openly slandered my name and other coworkers names, I have no sympathy. People lacking self control alongside overinflated self entitlement and lack of accountability do not belong in healthcare, or at least in roles that afford privilege and potential abuse of power.
You seem conscientious and trustworthy, loyal, and for those virtues you should consider honoring yourself, advocating for yourself, by distancing from this person. Your first loyalty should be to yourself, and that requires discernment. I feel your moral distress in this situation; she has not only violated coworkers privacy but also your sense of integrity by seeking you as a support person. That is fundamentally wrong and says volumes about her.
Keep up the good work. You seem like a coworker we would all benefit from working alongside. I apologize (to you) if my opinion seems harsh, I just know how violated, literally, the violated persons feel in this unprofessional situation.
Specializes in Advocacy, ethics, reform are long-term goals..
I am also prickly about HIPAA violations as I have recently overheard nursing students openly laugh about looking up fellow students on Epic (while employed as CNAs and using supervisor login).
Its the audacity and casual, flippant disregard for the sanctity of HIPAA and basic human rights of dignity and privacy that boils my blood. People shamelessly lacking morals and ethics do not belong in the nursing profession. HIPAA violations need to have zero tolerance consequences.
Yes, they do run scans/reports that show who has been in what chart and will track down those who are nosing into things they have no business in. Epic, as noted by an OP, has the "break the glass" feature for a reason. When it comes to rooting around charts you have no business in, just. . . Thou shalt not. Don't do it. Avoid at all costs. Find something else to do. Take up knitting. Make a rubber band ball. Anything else. I literally watched a practice manager be escorted out and fired while I was a student NP because this person had the audacity to look up one of their MA's COVID test results in their EMR system. Literally threw their job away for the point of being right (or wrong) that someone might have not actually had the illness when being sent home by employee health policy after reporting symptoms and being tested. Pettiness. Just don't look in charts you don't belong in. Stick to your actual work. The risk is not worth it.
I've never known anyone in the clinic setting get fired over a chart access violation. The organization highly emphasized that we shouldn't be accessing our own charts or those who live on the same street as us (two flags). My organization emails out company-wide medical error scenarios. Why wouldn't they email chart access violations as well?
As JKL33 said: "a pattern of making multiple patient searches in the EMR for people who have possibly not even received services recently is a pattern that could be easily detected." I agree, but I really don't think a one time chart access is going to be detected unless that person is a high profile celebrity.
I had a CMA get fired for accessing her dad’s chart to check some test results. He was not a pt of our office so there was no reason for any of us to access his chart period. If we’re working and a relative comes in for an appointment, we can not even chart on them for their visit, we have to get another clinical staff member to open the chart and document on it.
"If we’re working and a relative comes in for an appointment, we can not even chart on them for their visit, we have to get another clinical staff member to open the chart and document on it".
I do understand some facilities have this policy. What happens if you're the only one working in the department that day, or are the only clinical support in an urgent care? This must be a problem with the nation-wide short-staffing.
"I would NEVER!! I can't believe someone would do this".
Haven't we all seen way worse behavior from our coworkers?? Supervisors want to be everyone's friend and look the other way these days. They are afraid of losing staff.
Same same same. I work outpatient (with an IT department which, quite honestly, is probably not competent enough to even run audits). Coworkers regularly engage in behavior that is so much worse than snooping (ignoring urgent calls, being rude and dismissive of people who have medical concerns, ignoring doctors' direct orders) -- I'm not sure why violating HIPAA has become everyone's most unforgivable offense.
Thanks for the responses. I'm aware of those facts, unfortunately I don't believe she was at the time. She's a true friend, I don't want to leave her hanging.
Nope. That sort of stuff is covered extensively in orientation.
What would cause them to look into an employee's access?
Perhaps it was flagged in the system that this person was opening a bunch of charts of people who weren't active patients in her unit. That caused IT/informatics/etc. to dig deeper...
mmc51264, BSN, MSN, RN
3,319 Posts
I would NEVER!! I can't believe someone would do this.