Audit Trail Policy – An Effective Tool To Prevent Unauthorized PHI Access

Posted on November 27, 2013 by Frank J. Rosello

When in the realm of healthcare privacy and security, electronic health records may facilitate easier data exchange and data viewing, but the systems’ audit trails make catching unauthorized viewers all the more simple, too.

And, in the digital age, these unauthorized viewers have proved far too common.

Just last month, Allina Health system in Minnesota notified some 3,800 patients that one of its medical assistants had been improperly accessing their protected health information for more than three years.

The former employee — her employment recently terminated — accessed patients names, dates of birth, clinical data, health insurance information and partial Social Security numbers.

“We deeply regret that this occurred and want you to know we are committed to protecting the privacy of our patients’ personal information,” read a notice on the Allina website. “To help prevent similar incidents from happening in the future, we are evaluating our policies related to protecting patient information, examining our computer security programs and continuing to educate employees on their obligation to maintain the privacy of patient information.”

Affected patients were notified Oct. 25.

The Office of the National Coordinator’s 2014 Health Information Technology Certification programs mandate that EHR technology meet certain audit log requirements. Changes and actions to the patient record must be captured, in addition to dates and time of the action, user identification and ID of the patient record being accessed.

In addition to the meaningful use audit log requirements, the HIPAA Security Rule, HITECH Act and the Joint Commission all put forth their own specific requirements pertaining to audit logs and patient privacy.

Just this July, six employees at Cedars-Sinai Medical Center were fired for reportedly viewing the medical records of 12 patients without authorization. The records included those of Kim Kardashian who recently gave birth at the hospital.

Impermissible uses and disclosures of protected health information remains the top compliance issue pertaining to HIPAA privacy and security breaches, according to data from HHS.

Since 2009, some 27 million individuals have had their protected health information compromised, according to HHS reports.

Article written by Erin McCann

• Recent News

  • Texas Launches Certification Program To Bolster HIPAA Compliance
  • Internet Explorer Vulnerability: Steps To Take
  • Five Misconceptions About Cloud Computing
  • ONC Chief’s Perspectives On Patient Privacy and Security
  • ONC Chief DeSalvo Charts New Course

• Press Release Archives

• EI Connections Newsletter Archive

  
  

  Sign up for the
  EI Connections Newsletter

  * Email

  
  

• Categories

  • ACA
  • ACO Rule
  • ACOs
  • Cloud Computing
  • CMS
  • CMS eRx Rules
  • CMS Final Rule
  • CMS Proposed Rule
  • e-Health
  • EHR Adoption
  • EHR Data Sharing
  • EHR Implementation
  • EHR Incentives
  • EHR Information Security
  • EHR Meaningful Use
  • Electronic Health Records
  • Electronic Medical Records
  • EMR
  • Environmental Intelligence
  • Health Information Exchange
  • Health IT
  • Health IT Best Practices
  • Health IT Data Security
  • Health It Interoperability
  • Health IT Policy
  • Health IT Services
  • Healthcare
  • Healthcare Information Security
  • Healthcare Leasing
  • HHS
  • HHS Final Rule
  • HHS Initiatives
  • HIE
  • HIPAA 5010
  • HIPAA Complicance
  • HIPAA Omnibus Rule
  • HIPAA Privacy and Security Rule
  • ICD-10
  • Meaningful Use
  • medical practice best practices
  • mHealth
  • ONC
  • Patient Privacy
  • Personal Health Record
  • PHI Data Security
  • Press Releases
  • Radiology Systems
  • Telehealth
  • Telemedicine

• Tag Cloud

  CMS CMS EHR Incentives CMS Policy EHR EHR Adoption EHR Best Practices EHR Cloud Hosting EHR Consulting EHR Hosting EHR Implementation EHR Incentives EHR Study EHR Technology Enhancements EI Connections Newsletter Electronic Health Records Electronic Medical Records EMR Environmental Intelligence Healthcare Health Information Exchange Health IT Health IT Best Practices Health IT Information Security Health IT Policy Health IT Services Health IT Standards Health IT Tips HHS HIE HIE Standards HIPAA Compliance HIPAA Privacy and Security Rules HIT ICD-10 Meaningful Use medical practice best practices OCR ONC Patient Experience PHI PHI Data Breaches PHI Data Security PHI Security Stage 2 Meaningful Use Rule Stage 3 Meaningful Use