This is kind of conundrum for me, and I wanted to get your advice on this. I know for a fact several of the nursing students in my class looked at my electronic medical record during clinicals.
A handful of my classmates had looked at the EMRs of other patients that we collectively knew, and when I reported this to the clinical instructor nothing was done.
Then, later, when someone unrelated asked me about how I was doing with an obscure medical condition that happened to come up in the class lecture material--that I had not mentioned to anyone--I can be reasonably certain that they looked at my record, as well.
I don't have any "hard" evidence for this, aside from the fact that I would bet non-trivial sums of money that when an electronic audit is conducted, it will show that the student accessed my record.
How do I begin the process to file a HIPAA complaint based on what might appear to be pure speculation?
Under the HIPAA regs, you can request a list of disclosures of your medical records: other parties outside of the facility to whom your PHI has been provided to. However, this situation does not fall under that category.
What you are probably talking about is an audit trail of whom has accessed the medical record. This is generally provided by the Medical Records or the IT people, and they routinely run this when there is a complaint about inappropriate access to the records. I am not sure I would give that audit trail to the patient, at least with the names of the persons on it. If you asked me 'Did person B access my chart', I would look on the audit trail and tell you yes or no.
During a staff meeting they talked about the audit trail. On another unit there were a couple nurses who would look at the ER census see someone they knew and would read doctors' notes, etc. The IT people can see every click a specific user ID has made in the EMR and I think how long the person was on the page.
If they did indeed look up your EMR, then yes it was a HIPAA violation (unless they were involved in your care). Medical information can only be shared when its necessary for the medical care of an individual, with additional exceptions for educational purposes (which is why it is okay for students to discuss patients they collectively know provided its in an educational context).
You should be able to contact the hospital and verify if this was the case as electronic charting software keeps automatic logs of who views what.
Make the formal request for an audit through the hospital. They can detect all activity on your record. You should not have to do anything more than make that request. I am sorry this happened to you.
Ele_123
49 Posts
During a staff meeting they talked about the audit trail. On another unit there were a couple nurses who would look at the ER census see someone they knew and would read doctors' notes, etc. The IT people can see every click a specific user ID has made in the EMR and I think how long the person was on the page.