Practice Management Alert

Question: Is it OK to store staff and patient COVID-19 vaccination records in the same place?

Washington, D.C. Subscriber

Answer: Both the Occupational Safety and Health Administration (OSHA) and the Centers for Disease Control and Prevention (CDC) recommend strongly against storing staff files — both paper and electronic — with patient data.

While EHR technology can greatly help with the maintenance of staff records, you should avoid mixing patients’ protected health information (PHI) with employees’ data. Staff should be afforded the same privacy and security rights under HIPAA that patients are, and housing healthcare personnel (HCP) records together with patient records could infringe on those rights if other workers are privy to what’s in the EHRs.

“Keeping HCP records and information in the same system as patient care information can risk unauthorized staff access to private information,” says CDC guidance. “Some HCOs separate patient and HCP records by using separate paper files or electronic systems. State and local requirements for the separation of patient and HCP records may exist.”

It’s critical to safeguard HCP data and align with both state and federal compliance requirements. This allows workers to feel confident that their information is protected and that unauthorized staff are restricted from access, the CDC suggests.