Corporate Compliance

Tip: Establish a process for employees to access their own medical records

Compliance Monitor, May 9, 2007

Employees have the right to access their own records as any patient would. The real question is whether there is a reason to have control over when or where employees do so.

The most obvious reason is that an organization may have a restriction in place that limits what the employee (in this case, the patient) can access. Without a process to manage requests for access, it would be difficult to limit it when necessary. Here are some of the reasons for limiting or denying access:

  • Patient temporarily waived access as part of a research study
  • Information was obtained under a promise of confidentiality
  • Access could reasonably endanger the individual or another person
  • There is a reference to another person and access may likely cause substantial harm to the other person

The same process should be in place for employees to request access to their records as any other patient. This will give your organization knowledge of the review and some control over when they review the record.

To help enforce the need for an approval process, let employees know that audit trails are run to determine who accessed their own record. Apply sanctions for unapproved access.

Jill Burrington-Brown, MS, RHIA, practice manager at the American Health Information Management Association in Chicago provided this tip.

Most Popular