Q&A: Accidentially accessing patient information

October 10, 2019
Medicare Web

Q: If you discover that you have accidentally accessed a patient’s information on your facility’s computer system, what’s the best course of action? Who should you notify first? Are you at risk of being in trouble if you looked at the information before realizing the error?

A: Immediately notify your facility’s privacy official. If you don’t need access to patient information, your computer access profile should not allow that access. If you do need access to patient information but accidentally accessed the record of a family member or colleague in the course of your work, let your privacy official know. If the access was accidental, you should not be disciplined.

Editor’s note: This question was answered by Mary D. Brandt, MBA, RHIA, CHE, CHPS. Brandt is a healthcare consultant specializing in healthcare regulatory compliance and operations improvement. She is also an advisory board member for BOH. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS.

Related Topics: 
Ask the Expert, HIM/HIPAA, HIPAA