there is sometimes snooping and accessing VIP medical records.We hear about this all the time in the news, right? But what aboutsmall-town VIPs? Monthly, I run access reports that shows meeverywhere employees have been the previous month. What medicalrecord accessed, etc. One report is called “same last names” and”VIP”. The same last name report checks to make sure workforcemembers do not access their own medical records or of familymembers. This is not a HIPAA rule, but rather an internal policy.The VIP is ran randomly based on a perhaps a local celebrity isknown to have been hospitalized. A report will be ran to see whoaccessed that person’s medical record. When reviewing the resultsof the audit, and if it is found that someone did access the recordwithout a need to know to do their job, HR gets involved. HIPAAdictates “minimum necessary”. This means you access the minimumnecessary to do your job. If a workforce member needs to access apatient’s record to review labs, but is in the demographic portionof the record, that is a violation.
What do you believe should happen if it is found that anemployee has accessed a VIP record without need to know to do theirjob? Termination? Coaching/re-education?
