Vanderbilt University Medical Center issued a statement March 8 reminding employees that viewing patient records or accessing clinical databases without authorized use can result in "progressive discipline or even termination."
The health system said patients' information is closely audited by its privacy office and that the scope of audits have now been broadened to include random and detailed analysis of other patients' records in order to make sure those who are accessing this information are authorized to do so.
The privacy office has implemented "break the glass privacy pop-up alerts" that will automatically trigger a detailed audit of access. This will show the health system when certain medical records are accessed and confirm if the employee has a clinical or service relationship with the records.
"We can tell what documents have been opened and precisely how long someone was looking at them," said Gaye Smith, chief privacy officer of Vanderbilt University Medical Center.