Protecting our patients’ privacy is paramount
Each of us has a duty to keep our patients’ health information private and secure. Our patients trust us with their most sensitive information, and in return, we have a moral and legal responsibility to protect their privacy.
We can all help ensure our patients’ information remains confidential by heeding the following:
- Be aware of potential phishing emails from outside senders.
- Never give your password to someone else.
- Do not access someone’s health information — through Epic or otherwise — unless you are directly involved in the patient’s care or have another business reason to do so.
- Only access an inpatient or other patient list (census list) in Epic if it is part of your job. You should not be viewing these census lists out of curiosity – even if you don’t enter a specific individual’s record.
- Do not access your own or a family member’s health information in Epic. Instead, sign up for MyChart. Asante policy prohibits employees and medical staff from accessing their own health information through Epic or other core systems.
- When faxing, mailing or handing out paperwork to patients or family members, verify you have the right patient’s information, and that it is being sent to the right recipient.
- Pay careful attention to common names to ensure faxes or mailings are sent to the intended recipient.
- Double-check email addresses before emailing PHI, particularly outside the organization. Type “Secure” in the subject line of your email to force any email being sent outside Asante to remain in our secure email portal (unless the patient objects).
- If you learn someone has received a patient’s information in error, try to recover the information from the incorrect recipient or confirm it has been destroyed. Then report it to the Privacy team at pr*****@as****.org or through the online portal on the Compliance Department page on myAsanteNET.
Failing to protect patient confidentiality can have serious consequences for patients, employees and Asante. This is especially true if employees are acting carelessly, accessing information out of curiosity or snooping with an intent to harm someone else. When this happens, Asante acts swiftly to investigate and, when necessary, apply its zero-tolerance policy.
To learn more, review Asante’s Confidentiality Standards & Sanctions policy.
Snooping? Consider this FairWarning
Asante monitors for inappropriate access to patient records using a continuous auditing software system.
FairWarning immediately identifies if an unauthorized user has accessed a patient’s electronic health record or other clinical application. It will alert the Privacy team if:
- An employee is accessing medical records outside their normal scope of work.
- Credentials are shared or somehow compromised.
- A user is accessing a family member’s medical records.
- Someone is accessing or modifying their own medical record.
Asante has a zero-tolerance policy on any unauthorized snooping.