Did You Know? Under HIPAA, Your Medical Records Are Protected from Unauthorized Access (Even from You)

HIPAA has done a great deal of good to protect sensitive patient information. All the same, some members describe the advantages of the time before HIPAA, when patient information could come in handy, and be used for personal reasons. You might want to look up your own appointment time with a doctor, for example, or to figure out a co-worker's home address in order to send a birthday card. However, things are different now.

Sometimes, when SHARE members violate a hospital policy, they don't even think they've done so. While working to take care of themselves and their family, they might access protected information. SHARE members might not realize that their computer activity can be revealed in a routine system audit, and that unauthorized access can result in serious disciplinary action.

Most employees know that HIPAA guidelines permit an employee to access a patient's record only in one of two situations:
  1. For job-related reasons. Or, 
  2. If the employee submits a completed Employee Authorization for Electronic Access Form, which is filed with the Medical Records department. 
But, what about your husband's medical records? Or your children's? Or even your own? It's important to remember that the answer is: the same rules apply.

For example, even if you want to find out the results of your very own lab work, you must be authorized to do so through the Medical Records department, or contact your physician directly.

For more information, visit The US Department of Health and Human Services' "Understanding HIPAA" webpage 

Or, please feel free to call the SHARE office (508) 929-4020, or the UMass Memorial Privacy Office: (508) 334-5551