UMass Memorial's new system for enforcing patient privacy went into effect on April 10th. The new software system, called FairWarning, will police patient files, looking for signs of suspicious access. If the system catches an employee going into a patient file without a legitimate work reason, it will be flagged. Then managers will investigate. If it turns out that the employee didn't have documented permission or a work reason, they will be subject to discipline.
In accordance with federal guidelines, the hospital has long monitored patient records, including randomized audits. Earlier in the year, we included a blog post here about HIPAA, and some things that SHARE members should know. No policies or penalties have changed since then, only the monitoring system.
Up until now, most of the investigatory meetings that SHARE Reps have gone to about possible violations have involved a patient complaining that someone was in their files. Either that, or files were monitored because they belonged to someone famous, or because co-workers were talking about private information that might have come from the file. The FairWarning system is intended to perform more thorough monitoring of all Electronic Health Records. Nothing suspicious has to trigger an investigation.
An email from UMass Memorial about the new software says that it will begin by focusing on employees who go into a file with their same last name or address. The system will likely be further designed to monitor in more ways as time goes on.
We value patient privacy. It is important to the patients who trust us with their medical care, including the many SHARE members who are also hospital patients. Please be careful you don't access a file of yourself, a family member, someone you know or anyone else unless you get proper permission to view the record, or you have a legitimate work reason to see the record.
For more information, including a link to an electronic access permission form, please see this article in News & Views.
In accordance with federal guidelines, the hospital has long monitored patient records, including randomized audits. Earlier in the year, we included a blog post here about HIPAA, and some things that SHARE members should know. No policies or penalties have changed since then, only the monitoring system.
Up until now, most of the investigatory meetings that SHARE Reps have gone to about possible violations have involved a patient complaining that someone was in their files. Either that, or files were monitored because they belonged to someone famous, or because co-workers were talking about private information that might have come from the file. The FairWarning system is intended to perform more thorough monitoring of all Electronic Health Records. Nothing suspicious has to trigger an investigation.
An email from UMass Memorial about the new software says that it will begin by focusing on employees who go into a file with their same last name or address. The system will likely be further designed to monitor in more ways as time goes on.
We value patient privacy. It is important to the patients who trust us with their medical care, including the many SHARE members who are also hospital patients. Please be careful you don't access a file of yourself, a family member, someone you know or anyone else unless you get proper permission to view the record, or you have a legitimate work reason to see the record.
For more information, including a link to an electronic access permission form, please see this article in News & Views.