Health Information Management

Ask the expert: Should we have a process in place in which employees can access their own electronic records? If so, what type of guidelines should we follow?

HIM-HIPAA Insider, April 10, 2007

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

A: Employees have the right to access their own records as any patient would. The real question is whether there is a reason to have control over when or where employees access their own medical record.

The most obvious reason is that an organization may have a restriction in place that limits what the employee (in this case, the patient) can access. Without a process to manage requests for access, it would be difficult to limit it when necessary. Following are reasons for limiting or denying access:

  • The patient temporarily waived access as part of a research study
  • Information was obtained under a promise of confidentiality
  • Access could reasonably endanger the individual or another person
  • There is a reference to another person, and access may likely cause substantial harm to the other person
  • The same process should be in place for employees to request access to their records as any other patient. This will give your organization knowledge of the review and some control over when they review the record.

    In order to help enforce the need for an approval process, employees should know that audit trails will determine who accessed their personal record. Your organization may apply sanctions when it does not approve access.

    Jill Burrington-Brown, MS, RHIA, practice manager at the American Health Information Management Association in Chicago, answered the previous question.



    Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

      Briefings on APCs
    • Briefings on APCs

      Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

    • HIM Briefings

      Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

    • Briefings on Coding Compliance Strategies

      Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

    • Briefings on HIPAA

      How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

    • APCs Insider

      This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

    Most Popular