Tuesday, July 13, 2010

Can Patient Privacy be Secured when Non-Employees are Given Access to a Hospital's EHR?

A Colorado Springs hospital claims a city employee accessed 2,500 electronic medical records in violation of the HIPAA/HITECH privacy rule.

How can a hospital maintain patient data privacy when it is required to allow non-employees access to the hospital's medical records? Given the drive toward health information exchanges (HIE) how can hospitals protect their patients' data privacy? Your thoughts?
"From my understanding, she was accessing the [electronic medical] records when she wasn’t at work. She wasn’t doing it as part of her job." - Hospital Spokesman
The city employee had worked as an occupational health nurse for eight years. As part of her job she was authorized to access the hospital's medical records related to her patients.

The nurse had signed forms agreeing to abide by HIPAA/HITECH privacy requirements, but according to a reporter at The Gazette, a local newspaper, the nurse did admit to accessing the electronic medical records for personal reasons, such as looking up the phone number of a friend that she had lost.
"“I guarantee that accessing the [medical records] database for stuff like that is rampant in the medical community. If you talked to other medical people, you’d find out that it’s pretty damn common." - Nurse accused of unauthorized access
The Hospital only learned of the 2,500 privacy breaches when it was notified by the city. The nurse's supervisor raised a concern because of unusual patient access activity by the nurse, including a high frequency of access and access from unusual locations.

The nurse claims her supervisor was fishing for an excuse to fire her after the nurse's 'psychic' abilities revealed her supervisor had a life-threatening condition. The nurse admits to looking at the supervisor's medical records to see if the supervisor heeded her advice and sought treatment.

As a results the hospital is looking into a software service to more quickly alert hospital officials to unusual activity surrounding electronic medical records.

(a) Memorial Patient Records Improperly Accessed - Memorial Health System, July 11, 2011
(b) 'Psychic' nurse says she is unfairly targeted in hospital records case - The Gazette, July 11, 2011

No comments:

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.