Q&A: Staff members viewing their own or their family member's records
Physician Practice Insider, December 30, 2014
A: Accessing the records of family members without a legitimate business need may well be a breach, but a staff member accessing his or her own records may not be. If there is no legitimate reason for accessing family member records, that would be a breach of unsecure protected health information (PHI).
A number of covered entities (CE) have implemented policies requiring employees to access their own medical records in the same way as all other patients—by submitting a written request and having the record copied or setting up a time for the employee to view his or her own record. Having an employee view his or her own record is not a breach of unsecure PHI. However, it may be a violation in the CE's policy and result in sanctions.
Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, Oregon, answered this question for HCPro’s Briefings on HIPAA newsletter.
Related Products
-
Physician Practice Perspective
Physician Practice Perspective subscribers can find the archive of issues on the Part B News website. Find more information...
-
Medical Environment Update
A subscription to Medical Environment Update pays for itself by saving you time sorting through complex regulations and...
-
HealthLeaders Media Physician Leaders
HealthLeaders Media Physician Leaders offers commentaries that focus on the hottest issues for doctors as well as concise...
-
Medical Environment Update - Electronic and Print, 1 year
A subscription to Medical Environment Update pays for itself by saving you time sorting through complex regulations and...
-
Medical Environment Update - Electronic, 1 year
A subscription to Medical Environment Update pays for itself by saving you time sorting through complex regulations and...
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- Note similarities and differences between HCPCS, CPT® codes
- Practice the six rights of medication administration
- Q&A: Primary, principal, and secondary diagnoses
- The consequences of an incomplete medical record
- Coronavirus: 7 Infection Prevention Best Practices for Healthcare Settings
- OB services: Coding inside and outside of the package
- Skills of effective case managers
- Complications from immobility by body system
- ICD-10-CM coma, stroke codes require more specific documentation
- E-mailed
-
- Medicare fraud strike charges 243 healthcare providers for more than $700 million in false billing
- Q/A: Billing for DME
- Intake and output monitoring
- Hospitalists branch into perioperative medicine with preop assessments
- Hospital Billing from A to Z: 3- and 1-day rules
- HIPAA Training Handbooks pick-a-pack!
- HCPro, Inc. Launches New HIPAA Products for Clinical Researchers
- Follow 72-hour and 24-hour rules
- Ensuring clear and concise documentation critical for case managers
- Coding Clinic reiterates guidelines for provider documentation
- Searched
