Nursing Students Looked at my EMR... HIPAA?

There should be an anonymous tip line at the facility to report your suspicions. Look on the website.

This absolutely needs to be reported. It's unfortunate that your instructor didn't take it seriously.

You can contact the facility compliance, privacy or risk officer or any member of senior leadership. As noted above, there is likely a phone hotline you can call or file an anonymous incident report if you don't wish to directly contact the compliance, privacy or risk people.

Absolutely, 100% report this. When I was in nursing school, a blatant HIPPA violation like that was an automatic expellable offense. It is egregious and extremely disappointing that your instructor didn't take it seriously.

When they are investigating any violation of your EMR, they will be able to see exactly who logged in to it.

I am sorry you had your privacy violated in this way.

It is permissible to look at patient records for the purposes of education, with the caveat that no information thus obtained can be disseminated in any form with personal identifying information. This doesn't mean that they can all sit down at the nursing station and mosey around in all the records they can open.

I'm sorry your privacy was violated, but now that it is, apparently, getting to be common knowledge, suggest you ask for a slot to present on HIPAA to your peers, with particular attention to your own case, and outline how you, personally, have gone through the reporting process. Say you're waiting to hear about the audit trail. Watch for squirming, and enjoy it; it may even overshadow your own squirming over your privacy violation. I certainly hope so.

It is permissible to look at patient records for the purposes of education, with the caveat that no information thus obtained can be disseminated in any form with personal identifying information. This doesn't mean that they can all sit down at the nursing station and mosey around in all the records they can open.

I'm sorry your privacy was violated, but now that it is, apparently, getting to be common knowledge, suggest you ask for a slot to present on HIPAA to your peers, with particular attention to your own case, and outline how you, personally, have gone through the reporting process. Say you're waiting to hear about the audit trail. Watch for squirming, and enjoy it; it may even overshadow your own squirming over your privacy violation. I certainly hope so.

OP, please come back & let us know how this worked out for you.

I thought there was a way for people to request a list of who viewed their records?

I thought there was a way for people to request a list of who viewed their records?

Under the HIPAA regs, you can request a list of disclosures of your medical records: other parties outside of the facility to whom your PHI has been provided to. However, this situation does not fall under that category.

What you are probably talking about is an audit trail of whom has accessed the medical record. This is generally provided by the Medical Records or the IT people, and they routinely run this when there is a complaint about inappropriate access to the records. I am not sure I would give that audit trail to the patient, at least with the names of the persons on it. If you asked me 'Did person B access my chart', I would look on the audit trail and tell you yes or no.

Easy. Report your complaint here: Filing a HIPAA Complaint | HHS.gov or you may call the Department of Health and Human Services, Office for Civil Rights toll-free at: 1-800-368-1019. You can also call the hospital in which the offense occurred and ask to speak with the compliance officer, who will audit the records and take appropriate action.