Issue link: https://blog.providence.org/i/1541294
• A physician may discuss the after care plans with a patient with an individual who has accompanied the patient to a medical appointment. The information must be "need to know" for the person supporting the patient. • A physician may give information about a patient's mobility limitations to the patient's sister who is driving the patient home from the hospital. Examples of sharing when the patient cannot authorize: • A surgeon who did emergency surgery on a patient may tell the patient's spouse about the patient's condition while the patient is unconscious. • A pharmacist may give a prescription to a patient's friend who the patient has sent to pick up the prescription. • A health care provider may give information regarding a patient's drug dosage to the patient's health aide who calls the provider with questions about a prescription. Access to EPIC and Other Information Systems • Access is granted based on job role • You may not view your own record or information of family members, friends, neighbors or co-workers • Inappropriate access, use, or disclosure will result in corrective action up to and including termination • Access is monitored and recorded 24/7 Impermissible Uses of EPIC • Using any part of the Electronic Health Record (EHR) to view a patient's record including their name and/or address only without a Providence business reason. The fact that an individual is/was a patient is protected health information. Follow query procedures to avoid accessing the wrong record. • Searching, monitoring, accessing medical information for purposes of curiosity/concern. • Using census boards/track boards, appointment desk or other modules in the EHR outside your job role • Using patient chart for training purposes. • Circumventing ROI/HIM processes to obtain copies of medical records for self or others. • Sharing credentials or not logging off before workstation is used by another user. Privacy and Patient Rights Safeguards Verify patient identity by using three identifiers: Many patients share full names and dates of birth and errors cause significant billing issues for patients along with privacy concerns. Be cautious with verbal conversations: Whether in treatment areas or in public areas. Know the audience listening. Escalate patients promptly: Do this to avoid missing legal deadlines (i.e.; requests for medical record access or changes to medical records). Keep all papers with PHI out of view of the public and dispose of them properly: In addition to PHI, you are expected to protect confidential information, which includes: • Employee/Personnel information (includes students, residents, volunteers) • Employee Health information • Business operations not available to the public Board, Medical Staff Committee, etc. (includes meeting minutes, notes or actions) • Trade secrets or other confidential information/ processes Provider Education Training Manual 32 |