Do You Know What Your Employees are Doing?

If not, you need to know what protected health information (PHI) they are looking at and make sure they have a legitimate need.

We can help your practice get up to date and prepared to minimize breach risks from third-party vendors. Subscribe to stay current and up to date on important matters that will impact your practice.

Failure to make sure your employees know not to access PHI without a legitimate business need can be costly.

Michigan Medicine notified 269 patients that a new employee accessed patient records without a legitimate need.

The investigation showed the employee looked at demographic and clinical information out of curiosity. The information was not used or disclosed for any other reason.

While this might seem like a ‘smaller’ breach than many in the headlines, it still managed to make the headlines.

This type of internal PHI breach can hurt a healthcare facility: it can lose patients, damage public trust, and open the facility up to further government audits, reporting requirements, or even fines.

How can you protect your practice from snooping employees?

Make sure your employees are trained on minimal use with regard to PHI. Also, make sure your employees know what constitutes PHI. PHI is very broad and can encompass a lot more than employees may think.

Have open and frequent discussions and trainings regarding PHI, HIPAA, and employees' obligations. Let them know that they can face personal sanctions for improper actions.

Next, make sure you know where employees are accessing PHI from. Do you have an inventory of devices? Is it up to date? Can employees access PHI remotely?

Finally, make sure your employees have a way to anonymously report any of their concerns. Often, staff knows about ongoing issues well before the doctors in the practice do. If they have a way to report, and know that they will be heard, they are often more inclined to report suspicious behavior.

We help our clients train their employees and let employees know their concerns will be taken seriously. If you need help training your employees, contact Rickard & Associates today.

We publish vital information on health law topics and news every Wednesday and Friday.

Do you need help with updating your Business Associate Agreement or negotiating contracts with third-party vendors?  We can help. To contact us about your Business Associate Agreement, your vendor contracts or your other legal needs, contact Rickard & Associates today.
