While EHR snooping ultimately boils down to a human issue, some hospitals and health systems are turning to technology to mitigate cases of unauthorized record viewing.
In September, Danville, Pa.-based Geisinger Health System began notifying more than 700 patients that a former employee wrongly accessed their medical records. As a result of the breaches, which occurred from June 2019-20, Geisinger terminated the employee.
In the same month, Montefiore Medical Center also notified about 4,000 patients that a former employee stole their protected health information; upon discovering the inappropriate EHR access, the New York City-based health system fired the individual.
While some EHR snooping cases involve a single employee who inappropriately views tens or hundreds or thousands of patients' medical records without proper cause, in other instances its multiple employees who access a single patient's record. In July, Hennepin Healthcare in Minneapolis fired five employees for inappropriately viewing the medical records of a "high profile patient" after George Floyd, who died in May while in police custody, was taken to the hospital, according to the Star Tribune.
Here, five hospital and health system IT executives share how they combat EHR snooping at their organizations.
Question: What measures have you taken to prevent hospital employees from EHR snooping?
Editor's note: Responses have been lightly edited for clarity and length.
Randy Davis, vice president and CIO of CGH Medical Center (Sterling, Ill.): This is one of the few times I can say a vendor's application completely solved this for us – a rare sentence for me indeed.
We've essentially stuck a fork in this issue here with a combination of software and by having an exceptional compliance officer, who uses software that keeps track of access and sends alerts based on suspicious activity. Live within a block of someone and access that record, it will trigger an alert. The same goes for a family member. If we define someone as being a patient in the media and you access that record, we know instantly. If you work in pediatrics and suddenly start accessing an adult record, we know. There are many more examples. The software invokes artificial intelligence so it learns from items we define as a false positive. It will adapt to the resources the client has available so you can prioritize the most important alerts if you only have an hour a day to commit to reviewing alerts.
Some vendors in this space are clearly better than others. I'd recommend seeking out KLAS reviews, talk to users and understand what you're buying. If selected properly, your patients' records will be protected to a degree you never thought possible. My last comment is to educate your staff on the capabilities of this. When folks understand their illicit access to a record will become known, they will avoid mistakes of passion, curiosity and knee-jerk vengefulness, etc.
Derek Dunn, vice president of digital innovation and automation at Indiana University Health (Indianapolis): The short version of our story is that we use privacy monitoring software in conjunction with our privacy team, which audits medical record access to our primary EHR. We use it to mine for inappropriate access patterns and have serious policies and prohibitions against such activity, up to and including termination in alignment with the requirements of the HITECH Act.
Chris Paravate, CIO of Northeast Georgia Health System (Gainesville): We recently implemented a tool that monitors user behavior including EHR access behavior. The rollout included a short electronic education module to remind staff of appropriate access and introduce how we will be using this new tool to monitor compliance. The tone of the education is intended to be informative, a gentle reminder that we have enhanced tools for monitoring patient information access and use.
When the software identifies an unusual behavior, the appropriate supervisor receives an email of the identified behavior for further follow up. This information is used to further refine the AI monitoring tool and take appropriate action.
The system is still new so it will take several months to measure how effective it is at improving appropriate access and reducing snooping. However, I am fairly certain that the increased awareness of the new monitoring tools is a deterrent. We just went live earlier in the month, and I look forward to seeing the data and trends over time.
David Chou, CIO of Harris Health System (Houston): Medical record snooping occurs due to employee curiosity, especially if the health system treats high profile celebrities. The majority of healthcare provider organizations will utilize the logging features within their EMR to record every transaction while setting a flag for high profile patients that will require additional privileges for the staff to obtain any information. That process is already in existence today. My recommendations are to add the following steps if it is not in practice today:
- Mature technology enterprises have advanced logging tools, so IT should take advantage of the solution and incorporate the EMR logging data for enhanced monitoring.
- Snooping is grounds for termination, and in some instances, it can lead to personal legal ramifications. Regular training and strict policy enforcement are required to discourage snooping behavior.
Unfortunately, medical record snooping is a human behavior that must be addressed. Technology will not be the savior for this problem, but it can be a tool for the organization to use.
Curtis Cole, MD, assistant vice provost of information services and CIO at Weill Cornell Medical College (New York City): Weill Cornell Medicine takes a number of measures to protect records. Naturally the most important step is an educated and engaged workforce. Annual training and attestations are standard practice but human nature is such that we also need to take proactive and reactive steps as well to protect the records. We use the Epic EHR, which supports a 'break-the-glass' function. This requires users to enter a specific reason for opening restricted charts if they are not on the care team. All employee charts are protected in this way, for example, as are other patients with specific needs.
In some cases we support aliases or other restrictions. Personally, I am not a fan of aliases as they break up the record and actually can increase the number of people who need to look at a chart in order to stitch it back together. As an internist myself, I believe physicians need a complete view of the patient and many security steps can have unintended consequences when you restrict that view. But for certain patients, such as domestic violence victims, we need these tools and they can be very effective if carefully deployed.
Oversight is the cornerstone of all these efforts. We have detailed reports of who accesses what and we follow up with detailed investigations whenever we suspect an inappropriate access. Privacy is a core value every trusted care provider must uphold.
Register today for Becker's HIT+RCM Virtual Event Oct. 6-9 for the best insights and big ideas in health IT!