Developers and HIPAA

EHR Continuity in Care

Private Practice Physicians have the opportunity by contracting with a large health care entity to get into electronic health records EHR. In wanting to satisfy the continuum of care one practice can see any treatment provided by another provider for their patient. They can access diagnostics within the health care entities network. All good things!

My concern, though users sign off on a confidentiality agreement that includes a statement that they will not look at records for patients that are not members of their practice, they still have the capability to do just that. They have no way of electronically prevent anyone in the network on the EHR from randomly surfing and pulling up either their own medical record or that of any one else (not part of their practice). This doesn't make sense and I would think prohibited under HIPAA regulations. Please provide feedback on this issue.

Tags (If you have a multi-word tag, add a hyphen (-) between the words.)

Who are your customers? Check all that apply : Business associates (operates on behalf of/provides service to health care provider/health plan, e.g., an EHR vendor), Other, Health plans or health care providers

What is your organization? : Small company, Attorney/other compliance consultant


3 votes
3 up votes
0 down votes
Question No. 28