Do you know who is accessing the practice’s patient’s protected health information (“PHI”)?
While many healthcare providers would quickly respond, “of course,” healthcare providers would be surprised to find out how easily it is to access electronic PHI stored on hard drives and electronic medical records (“EMR”).
As with all technology, there is a guise of secrecy when an individual can click on a file, view it, and close it. If that same individual wanted to view a paper chart, they would likely have to open the file cabinet, find the paper chart, view it and put it away with other office personnel becoming suspect. With technology, an individual can view a patient’s chart with a click of a button from the privacy of his/her workstation.
- Identify when VIP patient records (i.e., board members, celebrities, governmental or community figures, physician providers, management staff, or other highly publicized individuals) are accessed;
- Identify when patient files are accessed after no activity for 120 days; and
- Identify when patients’ files are accessed by employees or workstations that should not have access to said files (scheduler accessing patient’s PHI);