Protect patients’ privacy as if it were your own

Quiz time: Your spouse just had a test at a YNHHS facility, and you’re really anxious to get the results. Is it OK for you to go into Epic and access your spouse’s medical record?

Answer: No. Doing so would violate HIPAA and Yale New Haven Health policies, and you could be subject to disciplinary action. Illegally accessing protected health information also puts the hospital and health system at risk of federal penalties, which can include fines.

“Our family members, friends and co-workers are entitled to the same privacy as any other patient,” said Terrie Estes, vice president, Corporate Compliance, and chief compliance officer, YNHHS. “Many employees have been patients at one time or another, and we would want the same protection for our privacy.”

YNHHS has seen an increase in reports of people inappropriately accessing medical records. Part of the reason for the increase is better monitoring by Information Technology Services’ Office of Information Security. Another reason is that employees are more frequently reporting inappropriate access and other violations, said Glynn Stanton, vice president and chief information security officer, ITS.

“Just as reporting of near-miss safety events is helping to improve patient safety, monitoring and reporting privacy concerns will help us better protect sensitive information,” he said.

In the coming months, Compliance and ITS will provide reminders and tips about how you can help keep sensitive information secure. Watch for these communications in the newsletters and on the employee intranet.

“We’re here to protect our patients, our staff and our organization,” Estes said. “But we can’t do it alone. We need everyone’s help.”