When is it OK to snoop in a health record?
Most employees are familiar with basic patient privacy rules, but you may not know how broad those rules are, specifically when it comes to chart snooping.
What is snooping?
Snooping is when an employee or medical staff member intentionally and inappropriately accesses patient paperwork with protected health information or any part of the electronic medical record for a nonwork-related reason.
For example, it’s snooping if you see that a neighbor has come to the clinic, and you access that person’s record to learn the reason for the visit. Or if you want to learn the birthday of a coworker to send a card, accessing medical records of family members, friends, coworkers, a celebrity, politician or any other public figure is snooping, if it’s done for a reason other than work-related.
When accessing a record for a work-related reason, employees must follow the minimum necessary standard. This means limiting access, use, disclosure or requests for protected health information to the minimum needed for the work. The information should be shared only with those who need to know it. If you’re scheduling an appointment with a patient’s primary care physician, for instance, it’s unlikely you’ll need to access that patient’s clinical records because you’re merely scheduling the patient for a primary care visit.
How will Asante know if someone is snooping?
Asante’s Privacy Program audits patients’ medical records to determine potential snooping. Asante uses FairWarning, an automated auditing solution, which proactively monitors and audits for internal threats. This tool uses Human Resources, medical records, operational and clinical data to identify what patient information was accessed and why. As a HIPAA-covered entity, Asante is required by federal law to deter inappropriate access, use or disclosure of protected health information.
What are the consequences of snooping?
Except for very unusual circumstances, the penalty for snooping is termination of your employment. This zero-tolerance rule applies to intentionally and inappropriately accessing records of:
- Your spouse or domestic partner
- Your siblings
- Your children or grandchildren
- Your co-workers
- Friends and neighbors
- Public figures or those of media interest
- Any other patient without a work-related reason
How can I prevent inadvertent snooping?
To help maintain patient privacy and confidentiality, follow these guidelines:
- Access patient medical records only when it is required for your job.
- Do not access medical records of co-workers, friends, family members or celebrities unless for a work-related reason.
- Access, use and disclose only the minimum protected health information needed to get the job done.
More information can be found on Asante’s HIPAA Privacy Program website.
If you need answers for a personal work matter, please contact the author or department directly instead of leaving a comment.