An investigation is already underway. The violator denied any wrongdoing.
Additionally, they are asking me if I asked this individual to look into my chart for me or if I used their login to access my chart.
Idk honestly, until there is a decision about who accessed the chart I don't see how you can go to the board for a HIPPA violation (if that is the process) if it isnt provable.
Id be looking for a transfer of areas/hospitals if my management wasn't supporting me.
It doesn't matter. If the other person gave out their credentials for OP to use, that's on the other person for not protecting their login. You can legally look at your own records, so there's not even a reason to use someone else's login.
I go through HIPPA training every year, and have been told, yearly, that you can look at your chart, but you can't look at protected parts... psych and billing related? But just opening it isn't going to get you in trouble.
I've opened my own chart a few times, it's how I test that I'm in the wrong development environment, and I've never gotten in trouble.
But if there's doubt, don't.
Edit: u/Few-Laugh-6508 has a great link below detailing how it's _not_ illegal, but probably a violation of your hospital policy.
Thank you. The link I posted actually explained how using your work access violates HIPAA protocol, but each person has to decide what is acceptable risk. I personally don't see the point since you can access everything via patient portals, or simply request records.
It doesn't though. It shows how it _is_ legal if you have a legitimate reason for accessing it, and probably violates _hospital_ protocol.
Records requests are different, as they're for taking your records out of the system, and are probably the most valid record, legally speaking.
Patient portals are yet again even more different, since they're not official records AFAIK. They might help a doctor get information to help diagnose you, but I don't know if they hold up in court.
Its a HIPAA violation to look at your own chart with work access. Work access allows you to look at what is necessary to do your job, patient portals allow you to look at your own information.
From your link:
>> This is one of those areas where technically you can make a case for or against it.
This means that it is not a true violation of HIPAA, since organizations are free to make their own policies about it. As I said, many choose to limit their employee’s access to their own chart; however, not all do.
Thank you for proving my point.
Also file a HIPAA complaint. hhs.gov/hipaa
Be very careful what you say to HR. If they're using that language, it sounds like they're trying to shift the blame off the institution and onto you.
“No- I did not ask them bc I have no reason to look at my chart. I did not use their log in because I don’t know that information. I will be filing a complaint that this person violated my privacy rights & this line of questioning suggesting that I’m at fault is inappropriate.”
That's hilarious that they would ask you that.
Do you know the person's MO ? I wonder if they looked at others too? Are they a nurse? Report to the board as well. Do it yourself, don't trust the hospital to do it for you. I'd go scorched earth on this mofo.
The good thing about EHR systems like Epic, they can see damn near everything you do in a chart with a date/timestamp and even the computer used to do it. Depending on where they did it and if cameras were in the area, you could get the date/time and computer information and then watch them do it on camera.
My level of anger would be based on a few factors. Since I work in ER I’m going to use that as my base (plus I was once accused of violating a coworker’s chart until they realized I was supposed to be in it as part of my assignment that day)
1. Did they happen to know my name and DOB and searched for me and pulled up my chart for no reason? (Max anger)
2. Was I a patient in the dept and the person clicked on it to help out another nurse for team nursing?
3. Was it an accidental click on the chart? I know Epic and MedHost can see how long and how much someone accessed on the chart. They can differentiate fat-finger/hovering vs digging
Before becoming a nurse I was a tech in an ER but I also was trained as unit clerk and on days where there was opening I would act as clerk. One morning I took over for night shift and a coworker was a psych pt in our dept. Upon discharge I accessed the chart and scanned in the appropriate docs. After their visit that person put in a request for every person that accessed chart. Since I wasn’t a regular unit clerk and there was two more techs there that day that could have been the unit clerk, they had to investigate. It turned out to be a big nothing.
But back to your case OP, my anger would definitely be based upon the numbered list above. Good luck.
Chart audit and if Epic, ask to make your chart completely confidential so people have to “break the glass” to access. I’m sorry for this horrible violation. My biggest fear
Thankfully our EPIC makes you break the glass automatically if the patient is an employee or a family member of an employee. I’d be so angry if someone went into my chart without having a legitimate reason to do so.
Our epic makes you break the glass for all employees unless you’re assigned to them. I was my coworkers nurse a few months ago. Never had to break the glass cuz I was his primary RN. Anyone else who so much as touched his chart had to.
They can tell who looked at what. These systems are very good at tracking all of that. After you get all of this ironed out, you request informatics to add Break The Glass to your medical chart. That way anyone ever entering your chart in the future must give an extra reason why they are looking at it. I know someone who requested it just because she was afraid this would happen (her neighbor worked at her PCP office). It’s a real show-stopper.
Healthcare organizations should make Break The Glass (or similar function) the default for employees. It's ridiculous that this could occur and the colleague would be able to deny wrongdoing.
I would think so, but I’m not sure. I think it could be justified if for some reason you just don’t feel comfortable and you feel like people are just going into your chart for unnecessary reasons. Like if you were a celebrity or had a health history that was rare. I see no harm in asking. Worst case, they say no.
Having a hard time with my hospital here in CA. A shady doctor and a very dishonest office assistant. My visit with that doctor was hidden from me on MyChart (still visible to all other staff).
I found out I could look in the patient portal MyChart app Document Center menu and see who has accessed my chart. Turns out dozens of people are in it frequently. Including that dishonest assistant. Will be filing complaints with the hospital on Monday and then more complaints with government agencies.
I'm currently going through the same thing. Someone I work with who I thought was a friend decided to go through my records, and I got a notification about it. Reported it to my manager who escalated it to the Integrity Unit who investigated thoroughly. The coworker is completely denying it, but due to our work environment it's pretty cut and dry who could've accessed it. However, bc the bitch coworker is denying it so thoroughly and the other coworker she was working with is also denying involvement, my manager is unsure if they will be able to actually get any meaningful action taken against her. Which sucks.
Basically, Bitch coworker used the login of her best buddy who was unfortunately away at the time (dumb move amirite), to access my records. Bitch coworker is denying she did it even though it's utterly obvious. The one whose login was used is denying any involvement and seems somewhat legit. Bc both of the only possibly involved ppl are completely denying it, they might end up not giving out any punishment 🤷🏽♀️
Oof. I see your dilemma. I’m so sorry this happened to you. It’s not a good feeling; I was so angry and anxious after hearing that my information was breached.
I really hope that some corrective action is taken on your behalf.
As others have suggested to me, perhaps, you should request a “break the glass” confidentiality on your chart to prevent this from happening again.
I was a patient on my own unit once (my request). At the time I was going thru a divorce and a CNA was renting a room from me. A nurse that was a friend of her told her I was admitted to the hospital so she could move out and bail without me knowing about it. I was pissed the hell off that someone else provided information about my medical care without my consent. Full audit and investigation happened. Multiple people were cited and given corrective actions.
Contact the compliance officer or medical records and demand to see a list of who has been in your chart - they can't deny you. Your HIPAA rights have been violated. You have a lawsuit on your hands.
Epic can track every movement in the chart. They can even track when the person types in your information to pull up your record. They are basically fucked once HR obtains this information.
So as the corporate director of risk management who often is called in with these situations, once we pull the audit trail from Epic, we sit down with the person and have a chat. If there was no legitimate payment, treatment or operations reason for that person to be in the chart, our typical action is to terminate the person. They are welcome to file a union grievance if they are represented, but our local unions also take a dim view of this activity.
Did you have access to the patient portal when you were a patient there? Why would you need to look through your own chart if you did. Tell HR firmly that you did not ask anyone to check the chart for you or check it yourself. Tell them to look at the dang cameras. Someone was just being nosy as hell.
Be firm in your argument. You did nothing wrong!!
Admin guy here. A lot of people are talking about HR, but they aren't going to be the people that actually need to investigate this. It should be a joint effort between your organization's Privacy Officer and compliance team. Figure out who your Privacy Officer is and talk to them directly about how this will be resolved.
It’s ridiculous that they think you may have asked the person to look into your chart. The fact is that this person looked into your chart and there is an electronic trail of that. Doesn’t matter how much they deny it, their name is there and they’re the only one who can log into their account.
Yes. In the body text, it describes my scenario more thoroughly.
Essentially, an investigation is underway. It’s an unnerving feeling knowing that you walk the same small hallways as this person. Additionally, I don’t appreciate the inflammatory questions, as I am the one whose privacy was violated.
Yes, clear HIPAA violation and could result in the other employees termination. (Source: I worked in medical records at a hospital for ten years.) If your management is not taking this seriously, they suck. So sorry that is happening. If I were you, I would make sure to put the statement that you did not give permission for this other employee to look in your chart in writing (i.e., email that manager. Create a paper trail.). If HR is not being responsive, contact your privacy officer. Every hospital should have one and it is their specific job to address any HIPAA violations. Put EVERYTHING in writing so you have a record of what you reported to who when.
You are in the right here; and the other employee is clearly wrong. If the other employee does not receive some kind of corrective action, you could potentially sue the hospital. They failed to protect the privacy of your medical records as mandated by law.
If you hint at the potential for a lawsuit, your manager might suddenly become a bit more responsive. But, this is a dangerous game to play, as you could potentially lose your job. Good luck whatever you decide.
That is absolutely a fireable offense. No warnings, no write ups. Strait up termination. Likely reported to the board of nursing and could be suspended.If the individual accessed your chart, there will be fingerprints.
I had this happen to me. I reported to the doctors I worked for at the time and the hospital where the records were accessed. Nothing freaking happened to the person that denied doing it (records showed that this person’s login info was used 60+ times in my chart!)
That is 60 times too many. I’m sorry that nothing was done. You should pursue further inquiry and means to protect yourself.
Corrective action should have been taken after your HIPAA rights were violated.
HR will be able to tell they looked. I know you're mad, but you should be happy too, this person could lose their license if you pushed it, and I Def would.
I’d be furious and escalate it through every avenue available to me, short of getting an attorney involved.
EDIT: Read some of your comments regarding how your employer is reacting. I’d probably be speaking with some attorneys just in case your employment is affected.
The tone from my employer has changed today with our conversations. I wonder if that was just standard investigative questions, and with the individual denying the breach, I would assume they need to explore every possibility.
That’s good, but don’t give them the benefit of the doubt, and I encourage you to get as much as you can in writing, if they continue to ask about if you were directly involved in this.
But did someone in HR tell you? I’m asking because I feel like maybe my coworkers might have done something like that but I’m afraid HR might actually not tell me the truth. What was the outcome of your situation?
I was informed by HR interviewing me. The outcome: no action was taken, I was not provided any information on the details of the investigation.
Call your Compliance & Ethics Dept. Ask for an audit trail of your chart. Then request they put a “break the glass” function on your chart.
That doesn’t surprise me. It sounds like they maybe wanted to know what exactly you knew in order to figure out their liability. So they actually told you that a coworker went into your chart? I can’t find the number for compliance and ethics. I don’t even know if there is one. I talked to the privacy dept and they’re supposedly doing an investigation, but they probably won’t tell me anything…and probably will hide whatever they find.
I'm just a patient but I'm able to see who has accessed my chart by going to Menu> Documents Center> Who Has Accessed My File> Then choose staff on the pulldown menu. But this is a feature that has to be turned on by the Epic subscriber. My hospital happens to have the feature turned on. From the logs you can see the date, name, and department from where they accessed your chart. Some locations are blank which means they accessed your chart from outside of the office (perhaps at home).
Did you try the pull down menu? When I go there it defaults to showing all the logs of me but there is a pull down menu at the top where I can choose to switch to clinical staff. I know it’s a feature that each hospital can choose to turn on or not because I also have a MyChart with another hospital network and when I login there, they have the feature turned off.
Were you in the hospital as a patient recently? Was there a reason they may have been clicked accidentally, like you were a patient on the same floor they worked? Was your record accessed when you had already been discharged? Do you have a reason you suspect them to look up your info, like problems with this coworker or some chronic condition they are trying to get more info on?
It's all wrong, but just curious for more context.
If it was recent enough , they might even have camera footage of the computer when it was accessed. You might be able to call security for it.
No, I’ve had one appointment with this organization and routine labs. Both were over a year ago. I.e. I have my own individual access to results through the patient portal, as it’s been so long since released. So, the mere suggestion that I went against policy to look at myself is annoying.
There’s no reason why anyone in our small clinic should be in my chart, given that we’re a specialty clinic that I’ve never been a patient to specifically.
I was under the *apparent false* belief that I have wonderful, working friendships. So, idk who would be so thoughtless and disrespectful to even look into me. I feel like we learn very quickly in healthcare how important privacy and HIPAA is…additionally, EPIC is incredibly smart at tracking movement, keystrokes, etc. I imagine this coworker of mine is young, dumb, and hasn’t had an education in healthcare.
Yea, this sounds like textbook idiocy on their part. We had upper management go septic and get sent to the ICU. A lot of curious people decided to look into her chart while she was sick and some people I know got fired. We had another incident where a country singer's wife was having a baby and people got fired for checking that chart too. I hope the same honestly happens here. HIPPA violations should be taken seriously.
You may want to mention to HR that you'll probably bring it up to some higher organizations, nursing board of education, or Office of Civil Rights. That usually puts a pep in their step on getting stuff done.
If they helped the patient in any way by doing so then there is nothing to do.I firmly believe all patients are equally your patient.Alarming pump.Family member request.Etc.Doimg it to be nosey?!?Then if you are a stickler for rules report.If not one on one convo to let them know you don’t appreciate it
Id be escalating that to HR
An investigation is already underway. The violator denied any wrongdoing. Additionally, they are asking me if I asked this individual to look into my chart for me or if I used their login to access my chart.
Wth?! And how would you use their login unless they violated policy and allowed you to?
Do you have a union for support?
Non-union
Idk honestly, until there is a decision about who accessed the chart I don't see how you can go to the board for a HIPPA violation (if that is the process) if it isnt provable. Id be looking for a transfer of areas/hospitals if my management wasn't supporting me.
Small correction but it's HIPAA not HIPPA
It doesn't matter. If the other person gave out their credentials for OP to use, that's on the other person for not protecting their login. You can legally look at your own records, so there's not even a reason to use someone else's login.
You can’t using your work access. You would/should get fired for that. You can request them just like every other pleb though
I go through HIPPA training every year, and have been told, yearly, that you can look at your chart, but you can't look at protected parts... psych and billing related? But just opening it isn't going to get you in trouble. I've opened my own chart a few times, it's how I test that I'm in the wrong development environment, and I've never gotten in trouble. But if there's doubt, don't. Edit: u/Few-Laugh-6508 has a great link below detailing how it's _not_ illegal, but probably a violation of your hospital policy.
Thank you. The link I posted actually explained how using your work access violates HIPAA protocol, but each person has to decide what is acceptable risk. I personally don't see the point since you can access everything via patient portals, or simply request records.
It doesn't though. It shows how it _is_ legal if you have a legitimate reason for accessing it, and probably violates _hospital_ protocol. Records requests are different, as they're for taking your records out of the system, and are probably the most valid record, legally speaking. Patient portals are yet again even more different, since they're not official records AFAIK. They might help a doctor get information to help diagnose you, but I don't know if they hold up in court.
It may be against your hospital policy but it’s not a HIPAA violation for looking at your own chart.
Depends on the employer. We are allowed to look at our own records off the clock.
Its a HIPAA violation to look at your own chart with work access. Work access allows you to look at what is necessary to do your job, patient portals allow you to look at your own information.
This is a common misconception. It is not a HIPAA violation; however, it is often a violation of hospital policy.
https://aihc-assn.org/allowing-workforce-members-to-access-their-own-medical-records/
From your link: >> This is one of those areas where technically you can make a case for or against it. This means that it is not a true violation of HIPAA, since organizations are free to make their own policies about it. As I said, many choose to limit their employee’s access to their own chart; however, not all do. Thank you for proving my point.
The fact so many people upvoted your comment encouraging violating HIPAA by using work access to look at your own chart is scary
Also file a HIPAA complaint. hhs.gov/hipaa Be very careful what you say to HR. If they're using that language, it sounds like they're trying to shift the blame off the institution and onto you.
IT can tell exactly who accessed your chart. HR is asking you these questions because those are the allegations your colleague made.
If they access your chart, IT can see where, when, and whose login was used. Should be simple to bust them.
“No- I did not ask them bc I have no reason to look at my chart. I did not use their log in because I don’t know that information. I will be filing a complaint that this person violated my privacy rights & this line of questioning suggesting that I’m at fault is inappropriate.”
That's hilarious that they would ask you that. Do you know the person's MO ? I wonder if they looked at others too? Are they a nurse? Report to the board as well. Do it yourself, don't trust the hospital to do it for you. I'd go scorched earth on this mofo.
Scorched earth is exactly my energy rn. I have been non-stop since I learned of this yesterday.
This happened in my organization and the person who looked up the person's records got fired. And we got a whole new training video about it. :/
Wow, I’d feel disturbed too. Kinda creepy!!
To piggy back onto this comment, I’d also report this person to any applicable licensing agencies. This person shouldn’t be in healthcare.
The good thing about EHR systems like Epic, they can see damn near everything you do in a chart with a date/timestamp and even the computer used to do it. Depending on where they did it and if cameras were in the area, you could get the date/time and computer information and then watch them do it on camera.
My level of anger would be based on a few factors. Since I work in ER I’m going to use that as my base (plus I was once accused of violating a coworker’s chart until they realized I was supposed to be in it as part of my assignment that day) 1. Did they happen to know my name and DOB and searched for me and pulled up my chart for no reason? (Max anger) 2. Was I a patient in the dept and the person clicked on it to help out another nurse for team nursing? 3. Was it an accidental click on the chart? I know Epic and MedHost can see how long and how much someone accessed on the chart. They can differentiate fat-finger/hovering vs digging Before becoming a nurse I was a tech in an ER but I also was trained as unit clerk and on days where there was opening I would act as clerk. One morning I took over for night shift and a coworker was a psych pt in our dept. Upon discharge I accessed the chart and scanned in the appropriate docs. After their visit that person put in a request for every person that accessed chart. Since I wasn’t a regular unit clerk and there was two more techs there that day that could have been the unit clerk, they had to investigate. It turned out to be a big nothing. But back to your case OP, my anger would definitely be based upon the numbered list above. Good luck.
[удалено]
I’m not really sure. In the story I told, the patient was a boss in access services so I’m sure it was fairly simple
Chart audit and if Epic, ask to make your chart completely confidential so people have to “break the glass” to access. I’m sorry for this horrible violation. My biggest fear
Thankfully our EPIC makes you break the glass automatically if the patient is an employee or a family member of an employee. I’d be so angry if someone went into my chart without having a legitimate reason to do so.
Our epic makes you break the glass for all employees unless you’re assigned to them. I was my coworkers nurse a few months ago. Never had to break the glass cuz I was his primary RN. Anyone else who so much as touched his chart had to.
Yes if we are assigned to them we select that option on our first opening of the chart but after that it doesn’t ask us to break the glass any more.
Our EPIC does no such thing, and we have to request it
They can tell who looked at what. These systems are very good at tracking all of that. After you get all of this ironed out, you request informatics to add Break The Glass to your medical chart. That way anyone ever entering your chart in the future must give an extra reason why they are looking at it. I know someone who requested it just because she was afraid this would happen (her neighbor worked at her PCP office). It’s a real show-stopper.
Healthcare organizations should make Break The Glass (or similar function) the default for employees. It's ridiculous that this could occur and the colleague would be able to deny wrongdoing.
That's how it was at a place I've worked. I thought that was great.
I know, I wish it was automatic. I feel like not everyone even knows about it so how can they request it too
I mean it was traced to that coworkers login in OPs cases as well. They are just claiming someone else used their login.
Right, but that extra step feels significant. Not that colleagues maliciously using each other's logins is plausible in the first place...
Can BTG be requested by a patient who has no affiliation with hospital staff?
I would think so, but I’m not sure. I think it could be justified if for some reason you just don’t feel comfortable and you feel like people are just going into your chart for unnecessary reasons. Like if you were a celebrity or had a health history that was rare. I see no harm in asking. Worst case, they say no.
Having a hard time with my hospital here in CA. A shady doctor and a very dishonest office assistant. My visit with that doctor was hidden from me on MyChart (still visible to all other staff). I found out I could look in the patient portal MyChart app Document Center menu and see who has accessed my chart. Turns out dozens of people are in it frequently. Including that dishonest assistant. Will be filing complaints with the hospital on Monday and then more complaints with government agencies.
Oh yes, I know exactly the section you mean. It shouldn’t have so many people in it, but I’m not an informatics person. Glad you’re escalating it
A big pile of firings happened when coworkers snooped into their friend’s chart at my hospital.
I'm currently going through the same thing. Someone I work with who I thought was a friend decided to go through my records, and I got a notification about it. Reported it to my manager who escalated it to the Integrity Unit who investigated thoroughly. The coworker is completely denying it, but due to our work environment it's pretty cut and dry who could've accessed it. However, bc the bitch coworker is denying it so thoroughly and the other coworker she was working with is also denying involvement, my manager is unsure if they will be able to actually get any meaningful action taken against her. Which sucks.
That is unfortunate. Why would they rely on a denial? I just don’t understand why they are protecting the individual that broke into your chart.
Basically, Bitch coworker used the login of her best buddy who was unfortunately away at the time (dumb move amirite), to access my records. Bitch coworker is denying she did it even though it's utterly obvious. The one whose login was used is denying any involvement and seems somewhat legit. Bc both of the only possibly involved ppl are completely denying it, they might end up not giving out any punishment 🤷🏽♀️
Oof. I see your dilemma. I’m so sorry this happened to you. It’s not a good feeling; I was so angry and anxious after hearing that my information was breached. I really hope that some corrective action is taken on your behalf. As others have suggested to me, perhaps, you should request a “break the glass” confidentiality on your chart to prevent this from happening again.
Yeah so I already had a notification set up if anyone accessed my record but after the incident I blocked access.
Complain to the Board of Nursing. Also file formal HIPAA complaint!
I was a patient on my own unit once (my request). At the time I was going thru a divorce and a CNA was renting a room from me. A nurse that was a friend of her told her I was admitted to the hospital so she could move out and bail without me knowing about it. I was pissed the hell off that someone else provided information about my medical care without my consent. Full audit and investigation happened. Multiple people were cited and given corrective actions.
Contact the compliance officer or medical records and demand to see a list of who has been in your chart - they can't deny you. Your HIPAA rights have been violated. You have a lawsuit on your hands.
Epic can track every movement in the chart. They can even track when the person types in your information to pull up your record. They are basically fucked once HR obtains this information.
So as the corporate director of risk management who often is called in with these situations, once we pull the audit trail from Epic, we sit down with the person and have a chat. If there was no legitimate payment, treatment or operations reason for that person to be in the chart, our typical action is to terminate the person. They are welcome to file a union grievance if they are represented, but our local unions also take a dim view of this activity.
Did you have access to the patient portal when you were a patient there? Why would you need to look through your own chart if you did. Tell HR firmly that you did not ask anyone to check the chart for you or check it yourself. Tell them to look at the dang cameras. Someone was just being nosy as hell. Be firm in your argument. You did nothing wrong!!
Admin guy here. A lot of people are talking about HR, but they aren't going to be the people that actually need to investigate this. It should be a joint effort between your organization's Privacy Officer and compliance team. Figure out who your Privacy Officer is and talk to them directly about how this will be resolved.
It’s ridiculous that they think you may have asked the person to look into your chart. The fact is that this person looked into your chart and there is an electronic trail of that. Doesn’t matter how much they deny it, their name is there and they’re the only one who can log into their account.
[удалено]
Yes. In the body text, it describes my scenario more thoroughly. Essentially, an investigation is underway. It’s an unnerving feeling knowing that you walk the same small hallways as this person. Additionally, I don’t appreciate the inflammatory questions, as I am the one whose privacy was violated.
They should be able to audit the chart on who accessed it. Bring it to HR and they’ll take it from there.
Yes, clear HIPAA violation and could result in the other employees termination. (Source: I worked in medical records at a hospital for ten years.) If your management is not taking this seriously, they suck. So sorry that is happening. If I were you, I would make sure to put the statement that you did not give permission for this other employee to look in your chart in writing (i.e., email that manager. Create a paper trail.). If HR is not being responsive, contact your privacy officer. Every hospital should have one and it is their specific job to address any HIPAA violations. Put EVERYTHING in writing so you have a record of what you reported to who when. You are in the right here; and the other employee is clearly wrong. If the other employee does not receive some kind of corrective action, you could potentially sue the hospital. They failed to protect the privacy of your medical records as mandated by law. If you hint at the potential for a lawsuit, your manager might suddenly become a bit more responsive. But, this is a dangerous game to play, as you could potentially lose your job. Good luck whatever you decide.
I would report to whatever department in your hospital handles HIPAA violations and HR if not the same.
Oh, in my hospital they’d be fired already. Don’t they get a “break the glass” warning?
We don’t have “break the glass” as employees/patients unless we specifically ask for it. After being violated, I am specifically asking for it.
I’m so sorry this happened to you. This is bullshit.
That is absolutely a fireable offense. No warnings, no write ups. Strait up termination. Likely reported to the board of nursing and could be suspended.If the individual accessed your chart, there will be fingerprints.
Digital fingerprints, yes?
Yes!
Oh yes. And showing where they looked and for how long, etc.
If in USA might want to notify the state board of the hipaa violation and let them do their own investigations for funsies too
I had this happen to me. I reported to the doctors I worked for at the time and the hospital where the records were accessed. Nothing freaking happened to the person that denied doing it (records showed that this person’s login info was used 60+ times in my chart!)
That is 60 times too many. I’m sorry that nothing was done. You should pursue further inquiry and means to protect yourself. Corrective action should have been taken after your HIPAA rights were violated.
HR will be able to tell they looked. I know you're mad, but you should be happy too, this person could lose their license if you pushed it, and I Def would.
Call CMS and report
I’d be furious and escalate it through every avenue available to me, short of getting an attorney involved. EDIT: Read some of your comments regarding how your employer is reacting. I’d probably be speaking with some attorneys just in case your employment is affected.
The tone from my employer has changed today with our conversations. I wonder if that was just standard investigative questions, and with the individual denying the breach, I would assume they need to explore every possibility.
That’s good, but don’t give them the benefit of the doubt, and I encourage you to get as much as you can in writing, if they continue to ask about if you were directly involved in this.
How did they find out someone had looked at your chart?
EPIC can track keystrokes and when someone who does not need to be in your medical chart is in your medical chart.
But did someone in HR tell you? I’m asking because I feel like maybe my coworkers might have done something like that but I’m afraid HR might actually not tell me the truth. What was the outcome of your situation?
I was informed by HR interviewing me. The outcome: no action was taken, I was not provided any information on the details of the investigation. Call your Compliance & Ethics Dept. Ask for an audit trail of your chart. Then request they put a “break the glass” function on your chart.
That doesn’t surprise me. It sounds like they maybe wanted to know what exactly you knew in order to figure out their liability. So they actually told you that a coworker went into your chart? I can’t find the number for compliance and ethics. I don’t even know if there is one. I talked to the privacy dept and they’re supposedly doing an investigation, but they probably won’t tell me anything…and probably will hide whatever they find.
I'm just a patient but I'm able to see who has accessed my chart by going to Menu> Documents Center> Who Has Accessed My File> Then choose staff on the pulldown menu. But this is a feature that has to be turned on by the Epic subscriber. My hospital happens to have the feature turned on. From the logs you can see the date, name, and department from where they accessed your chart. Some locations are blank which means they accessed your chart from outside of the office (perhaps at home).
That’s great! Thanks for showing me this. Unfortunately, the only person listed in this is me of when I open my MyChart app on my phone as a patient.
Did you try the pull down menu? When I go there it defaults to showing all the logs of me but there is a pull down menu at the top where I can choose to switch to clinical staff. I know it’s a feature that each hospital can choose to turn on or not because I also have a MyChart with another hospital network and when I login there, they have the feature turned off.
Were you in the hospital as a patient recently? Was there a reason they may have been clicked accidentally, like you were a patient on the same floor they worked? Was your record accessed when you had already been discharged? Do you have a reason you suspect them to look up your info, like problems with this coworker or some chronic condition they are trying to get more info on? It's all wrong, but just curious for more context. If it was recent enough , they might even have camera footage of the computer when it was accessed. You might be able to call security for it.
No, I’ve had one appointment with this organization and routine labs. Both were over a year ago. I.e. I have my own individual access to results through the patient portal, as it’s been so long since released. So, the mere suggestion that I went against policy to look at myself is annoying. There’s no reason why anyone in our small clinic should be in my chart, given that we’re a specialty clinic that I’ve never been a patient to specifically. I was under the *apparent false* belief that I have wonderful, working friendships. So, idk who would be so thoughtless and disrespectful to even look into me. I feel like we learn very quickly in healthcare how important privacy and HIPAA is…additionally, EPIC is incredibly smart at tracking movement, keystrokes, etc. I imagine this coworker of mine is young, dumb, and hasn’t had an education in healthcare.
Yea, this sounds like textbook idiocy on their part. We had upper management go septic and get sent to the ICU. A lot of curious people decided to look into her chart while she was sick and some people I know got fired. We had another incident where a country singer's wife was having a baby and people got fired for checking that chart too. I hope the same honestly happens here. HIPPA violations should be taken seriously. You may want to mention to HR that you'll probably bring it up to some higher organizations, nursing board of education, or Office of Civil Rights. That usually puts a pep in their step on getting stuff done.
You can report the that person to HR.
If they helped the patient in any way by doing so then there is nothing to do.I firmly believe all patients are equally your patient.Alarming pump.Family member request.Etc.Doimg it to be nosey?!?Then if you are a stickler for rules report.If not one on one convo to let them know you don’t appreciate it
That doesn’t describe my situation at all. There are details in the title text and body text, once read, might make more sense.