Skip to page content

GUIDANCE (Dec. 2005)

MEDICAL CENTER EMPLOYEES ACCESSING PERSONAL HEALTH INFORMATION

Patients have a right to access their own health information.  The institution has established procedures to assist patients with that access.  This is usually done by contacting the care provider directly or by submitting a request to Health Information Management.  Inpatients may view their medical record with a clinician present to interpret the information and answer questions (see UCH Administrative Policy 02-02). 

Employees of the Medical Center desiring access to their own health information (e.g. electronic or hard copy) must use the same procedures available to other patients regardless of having job-related access to medical center information systems (e.g. OACIS, EPIC, Lastword).

All patients will soon have the ability to access MyChart, a secure patient web-portal, to obtain their personal health information.  The schedule for availability of this component of the Medical Centers' Phoenix project will be announced soon.

The following standards for accessing personal health information must be met:

  1. Employees may only access protected health information (e.g. electronic, hard copy) for purposes necessary to perform their own job duties.
  2. Employees may not access and/or copy their own medical information through the institution's current information systems, including test results, clinic notes, and operative reports.  If employees wish to access and/or copy their own medical information, they must either contact their physician for the information or make a formal written request to Health Information Management (see UCH Administrative Policy 02-02).
  3. Employees may not access through the institution's current information systems the medical information of family members, friends, or other individuals for personal or other non-work related purposes, even if written or oral patient authorization has been obtained.  Employees designated as "Personal Representatives" (Policy 05-30) should contact the physician or submit a formal request to Health Information Management.  Employees must not use their employee status to obtain medical information for anyone else.
  4. In those very rare circumstances where an employee's job requires him/her to access and/or copy the medical information of family members, a co-worker, or other personally known individuals, then he/she may do so only to the extent necessary to perform his/her job.  However, employees should report the situation to their supervisor who will determine whether to assign a different employee to complete the task involving the specific patient.  The employee should continue his/her responsibilities to the extent patient privacy is not compromised.
Employees who violate these guidelines will be subject to disciplinary action, up to and including termination, in accordance with the applicable UCMC, BSD, Medical Staff, or University policies.  Contact the HIPAA Program Office at 4-9716 if you have any questions.

December 2005

Back to Guidances


Quick Links:

Accounting of Disclosures
HIPAA Privacy Review
HIPAA Reference Sheet
Quick Reference Guide
Useful Links
HPO@bsd.uchicago.edu



Call 4-9716 for more information

PDF version