Health Information Management

Two EHR challenges: Access management and auditing

HIM-HIPAA Insider, August 24, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Electronic health records (EHR) have their advantages, but they also create challenges for healthcare organizations in protecting the privacy of patient data.

In April, a judge sentenced a former UCLA Health System employee to four months in prison after he admitted snooping into patient records. The 47-year-old researcher, a licensed cardiothoracic surgeon in China, admitted to illegally reading private and confidential medical records. He pleaded guilty to four misdemeanor counts of violating the HIPAA Privacy Rule.
 
According to the U.S. Attorney’s Office in the Central District of California, he accessed and read his immediate supervisor’s medical records and those of other coworkers. Then, after he was dismissed for unrelated reasons, he accessed the UCLA patient records system 323 times over a three-week period, looking mostly at celebrities’ records.
 
To avoid such an incident, organizations must properly manage and audit employee access to PHI, especially in an electronic environment.
 
Note: To read more, visit the HCPro website. Subscribers to Health Information Compliance Insider have access to this article in the August issue of their newsletters.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular