HIPAA Quick Reference
Guide For Employees
Can I access my family
member's, friend's, or co-worker's PHI (e.g. electronic, written)?Employees may not access either through our information systems (e.g. OACIS, EPIC, or Lastword) or the patient's medical record the medical and/or demographic information of family members, friends, or other individuals for personal or other non-work related purposes, even if written or oral patient authorization has been given.
What if my child or
parent is a patient here?Employees designated as "Personal Representatives" (e.g. parent for a minor, adult son/daughter for an elderly parent) should contact the physician, clinic, or submit a formal request to the Health Information Management (HIM) Department (Medical Records) for the information. Employees must not use their employee status to obtain medical and/or demographic information for anyone else.
What if I am involved
in the treatment, billing or other activity of a person who I know?In the very rare circumstance when an employee's job (e.g. billing, providing treatment) requires him/her to access and/or copy the medical information of a family member, a co-worker, or other personally known individual, then he/she should immediately report the situation to his/her supervisor who will determine whether to assign a different employee to complete the task involving the specific patient.
Additional guidelines are available in the Guidance section of the HIPAA web site.
The University of Chicago Medical Center | 5841 South Maryland Avenue | Chicago, IL 60637
HPOwebmaster@bsd.uchicago.edu