Private Practice Physicians have the opportunity by contracting with a large health care entity to get into electronic health records EHR. In wanting to satisfy the continuum of care one practice can see any treatment provided by another provider for their patient. They can access diagnostics within the health care entities network. All good things!
My concern, though users sign off on a confidentiality agreement that includes a statement that they will not look at records for patients that are not members of their practice, they still have the capability to do just that. They have no way of electronically prevent anyone in the network on the EHR from randomly surfing and pulling up either their own medical record or that of any one else (not part of their practice). This doesn't make sense and I would think prohibited under HIPAA regulations. Please provide feedback on this issue.