Health Information Compliance Alert

Reader Question:

TO TRUST OR NOT TO TRUST?

Question: Our staff wants to be able to access their private health information without going through the steps our patients must take. Can we allow this, or are we risking a HIPAA violation?

- Michigan subscriber

Answer: Allowing employees to bypass your controlled system for accessing PHI could open your facility to a violation, warns Matthew Lapointe, an attorney with Manchester, NH-based Sheehan Phinney Bass & Green. Why? "When you lose that gatekeeper, you increase the likelihood and ability of employees to snoop on each other," he observes.

The Bottom Line: Unless you have the technology to limit an employee's ability to access other employees' private health information, you shouldn't lower the hurdles you've erected for patients, Lapointe says. Tip: Explain the potential dangers to your employees so they will buy into and promote your policy, he suggests.