A HIPAA message -- Checks and balances

August 12, 2003

picture disc.HIPAA, the "Health Insurance Portability and Accountability Act of 1996," provides federal protection of patient health information. As part of our continuing efforts to educate employees, these HIPAA-related messages will be distributed the second and fourth Tuesdays of the month. Today's HIPAA message is about auditing access to protected health information.

Question:
How are we meeting the HIPAA requirements to audit access to PHI (protected health information)?

Answer:
We conduct random audits of access to IDX CareCast, the computerized medical information system. Anytime an individual accesses a patient record through CareCast, an electronic audit trail is created.

As a reminder, only individuals that have a need to know patient information in order to perform assigned duties should access such information.

Remember: Individuals who improperly access PHI are subject to corrective action up to and including termination.

If you're a manager, please ensure all of your employees are informed of the contents of these messages and how it applies to your work area. Some ways of sharing the information include discussions during staff meetings, printing and posting this message or asking your employees if they have any further questions.