Skip to page content

HIPAA Quick Reference Guide For Employees

Previous  |  Table of Contents  |  Next

8.0 Looking up information about family and friends

Can I access my family member's, friend's, or co-worker's PHI (e.g. electronic, written)?

Employees may not access either through our information systems (e.g. Epic) or the patient's medical record the medical and/or demographic information of family members, friends, or other individuals for personal or other non-work related purposes, even if written or oral patient authorization has been given.

What if my child or parent is a patient here?

Employees designated as "Personal Representatives" (e.g. parent for a minor, adult son/daughter for an elderly parent) should contact the physician, clinic, or submit a formal request to the Health Information Management (HIM) Department (Medical Records) for the information.  Employees must not use their employee status to obtain medical and/or demographic information for anyone else.

What if I am involved in the treatment, billing or other activity of a person who I know?

In the very rare circumstance when an employee's job (e.g. billing, providing treatment) requires him/her to access and/or copy the medical information of a family member, a co-worker, or other personally known individual, then he/she should immediately report the situation to his/her supervisor who will determine whether to assign a different employee to complete the task involving the specific patient.

Additional guidelines are available in the
Guidance section of the HIPAA website.

bullet What if I am not sure if I am allowed to go into a patient's medical record?

If you have any doubts or concerns about whether you can have access to a certain patient's medical record, please call the HIPAA Program Office at 4-9716.

Previous  |  Table of Contents  |  Next

Quick Links:

Accounting of Disclosures

HIPAA Privacy Review

HIPAA Reference Sheet

Quick Reference Guide

Useful Links