Preface that internal investigation identified employee/ neighbor accessed individual PHI via EMR outside of what is necessary to perform job.
Update your dates. This is intended to give you ideas for tool selection.
At 2130 Bob Evans Jr arrived in Medical Records department requesting his father’s records for personal transport to his father’s new physician. While the son was away, another staff member asked for a copy of the authorization form to be placed into the record. The error was noted at this point. The son was not happy, but staff explained the procedure to them and assured him that the records would be delivered to the new physician before he was able to complete his journey.
As a covered entity we have policies and procedures to address all of these issues. We have reviewed some of the steps that we have already taken in compliance with our process.
HIPAA security: review administrative, technical and physical safeguards implemented. Review original risk assessment, analysis and decisions regarding addressable standards to see if we still meet test of reasonable and appropriate measures. Are there things that should change that would help prevent this type of situation in the future? ( HIV test sealed electronically for security)