I'm a fan of the blog PostSecret — if you're not familiar, it's an "ongoing community art project where people mail in their secrets anonymously" and those secrets are then posted online every Sunday.
Secrets range from silly to serious, and checking out the website is one of my favorite Sunday activities. But one secret from this week's batch struck a chord with me and is a scary one for any hospital or health system leader.
It reads as follows:
"I work for a major hospital system in Ohio. When I'm bored, I look through my Facebook friends, my family, and my coworkers [sic] Electronic Medical Records."
This secret-sender is not alone. For instance, two employees at the Nebraska Medical Center in Omaha were fired in September after they accessed the EMR of an Ebola patient being treated there.
"Unfortunately, I think this likely happens close to every day," Matthew Fisher, JD, an associate with Mirick, O'Connell, DeMallie & Lougee, said in an email interview. "Record snooping is coming up as a pervasive issue and one that can go on for years without it necessarily being discovered."
But when it is discovered, it can result in severe repercussions, including termination of employment. Norfolk, Va.-based Sentara Healthcare is one system that has fired some employees after they accessed medical records unnecessarily, according to Greg Burkhart, the system's chief privacy and chief compliance officer.
This news is unfortunate — and slightly terrifying — for patients, who are now becoming more open and trusting toward EMRs. A survey from earlier this year showed 86 percent of patients used their EMR at least once in 2013, and patients with online access to their records have a higher level of trust in their physician and medical staff.
News like this shows that trust may be misplaced.
Mr. Burkhart says he sees two typical reasons employees access a record they shouldn't: Those with "ill intentions" who want to do something they shouldn't, and those, like the person who sent in the secret, "who seem unable to fight their own curious nature and look out of curiosity."
Is it simply human nature to snoop? Curiosity is the "strong desire to know or learn something," and many people give into this urge even though it can have a detrimental affect on their personal lives. How many people look through a significant others' phone or a keep tabs on an ex through social media? The things you learn through doing so are not always pleasant.
Still, curiosity must be a very strong desire if it pushes people to do things that are detrimental to their career.
"Most of these people [who snoop] are good at their job and well-intentioned and just have a moment where they lose sight of what's right," Mr. Burkhart says.
To help quell that curious nature, Mr. Burkhart emphasizes the importance of education and appealing to Sentara employees' sense of professionalism and integrity. Face-to-face, engaging training about privacy and its importance, combined with making the punishment for snooping clear, can help employees think twice before accessing an EMR inappropriately and out of curiosity.
Additionally, hospitals can implement tools that identify questionable EMR access, which can lead to a conversation with the employee about what led to the access and a possible investigation.
For patients' and employees' sakes, my hope is hospitals and health systems — especially the unnamed "major hospital system in Ohio" referenced in the PostSecret post — will take more proactive steps to keep employees' curiosity in check and prevent snooping incidents. This will not only help protect employees from themselves, but will also build patient trust.