Physician Practice

Q&A: Staff members viewing their own or their family member's records

Physician Practice Insider, December 30, 2014

A: Accessing the records of family members without a legitimate business need may well be a breach, but a staff member accessing his or her own records may not be. If there is no legitimate reason for accessing family member records, that would be a breach of unsecure protected health information (PHI).

A number of covered entities (CE) have implemented policies requiring employees to access their own medical records in the same way as all other patients—by submitting a written request and having the record copied or setting up a time for the employee to view his or her own record. Having an employee view his or her own record is not a breach of unsecure PHI. However, it may be a violation in the CE's policy and result in sanctions.

Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, Oregon, answered this question for HCPro’s Briefings on HIPAA newsletter.

Most Popular