February 14, 2022 // Isa Jones // Last Updated: June 30, 2022
Determined not to spend Valentine’s Day alone with your Netflix account, you’ve scheduled a date with a cute match from a dating app. Naturally, before you meet up, you put their name into Google to see what comes up. You can look at their social profiles before you meet, but if you only have their first name, what else could you know? What about their full legal name and medical history?
If you work at a healthcare organization and have access to private patient data, it could be pretty tempting to type in their first name and last initial and see if you can find some details. Before you ask, “Who would do that?”, we have to say: yes, it happens, and more often than you would think.
For nurses, doctors, medical personnel, and others working in a healthcare organization, EHR systems are often open so they can quickly access information for patient treatment. This is crucial when it comes to patient care, but unfortunately means those systems are open to curious individuals looking to snoop.
So let’s say an employee has a date coming up, and they know this date’s first name and last initial. It’s easy enough to enter that and scroll through every “Alex B.” in the database until they find their date and their private patient data. They may also utilize the EHR directly to collect additional information of interest such as marital status, vaccination status or medical history.
But this unauthorized access can cause major issues.
Viewing patient data, or sharing it, without a medical reason or consent is a direct violation of HIPAA regulations. Just using the EHR system to access any of this information is, in itself, a violation.
Not only that, but if you don’t know someone’s last name and you’re typing in “Alex B.” and scrolling through the files of every “Alex B.” in the system, that could be dozens of small violations. Many organizations do have patient privacy monitoring systems in place, so there is a risk of getting caught, which can result in distrust, reputation damage, and fines for the healthcare organization.
SecureLink’s Privacy Monitor is the perfect solution to this Tinder snooping problem: using artificial intelligence, Privacy Monitor automatically detects and flags instances of irregular name searches, such as a first name and last initial.
Unlike rules-based patient privacy monitoring solutions, Privacy Monitor audits all accesses and utilizes machine learning to recognize and understand access patterns, resulting in fewer false positives and more efficient incident investigations.
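
The “Alex B.” pattern described above can be written as a simple audit-log rule. The following is an added example, not SecureLink’s code and not how Privacy Monitor works: a rule-based heuristic that flags a first-name-plus-last-initial search followed by several chart opens by the same user. The `SEARCH`/`OPEN` log layout, the user names and the `min_opens` threshold are assumptions made for illustration.

```python
import re

# Constructed audit events in an assumed format (not real EMR logs):
#   <timestamp> <user> SEARCH name="<term>"   or   <timestamp> <user> OPEN patient=<id>
SAMPLE_LOG = """\
2022-02-14T09:01:10 nurse_k SEARCH name="Alex B"
2022-02-14T09:01:25 nurse_k OPEN patient=1001
2022-02-14T09:01:40 nurse_k OPEN patient=1002
2022-02-14T09:02:05 nurse_k OPEN patient=1003
2022-02-14T09:05:00 dr_m SEARCH name="Maria Gonzalez"
2022-02-14T09:05:12 dr_m OPEN patient=2001
2022-02-14T09:07:00 clerk_j SEARCH name="Sam T."
2022-02-14T09:07:20 clerk_j OPEN patient=3001
"""

LINE = re.compile(r'^(\S+) (\S+) (?:SEARCH name="([^"]*)"|OPEN patient=(\d+))$')
# A first name followed by a single-letter last initial, e.g. "Alex B" or "Alex B."
PARTIAL_NAME = re.compile(r"^[A-Za-z]+ [A-Za-z]\.?$")


def flag_partial_name_browsing(log_text, min_opens=3):
    """Return [(user, search_term, [patient ids])] for every first-name/last-initial
    search that the same user followed with at least min_opens distinct chart
    opens before running their next search."""
    current = {}    # user -> (search term, set of patient ids opened since that search)
    findings = []

    def close(user):
        # Evaluate and discard the user's most recent search, if any.
        term, opened = current.pop(user, (None, ()))
        if term and PARTIAL_NAME.match(term) and len(opened) >= min_opens:
            findings.append((user, term, sorted(opened)))

    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        _, user, name, patient = m.groups()
        if name is not None:              # SEARCH event starts a new window
            close(user)
            current[user] = (name.strip(), set())
        elif user in current:             # OPEN event after a search
            current[user][1].add(int(patient))
    for user in list(current):            # evaluate searches still open at end of log
        close(user)
    return findings
```

A fixed rule like this also fires on legitimate lookups where staff only have a partial name, so each finding is a lead for review rather than a confirmed violation.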