Vanderbilt University Medical Center’s Privacy Office wants to remind all employees who have access to confidential patient information via Medical Center systems and databases to be aware their access to these records is being carefully watched.
Access to systems housing operational and clinical data is monitored and the Privacy Office can quickly and easily identify and address patient privacy issues. Vanderbilt Health’s medical record platforms provide regular notification and reporting about potential breaches of privacy.
Every click and action within the systems is logged. Do not search, hover over, or try to access patient health information that is not needed to do your job. The Break the Glass Privacy pop-up alerts that present when certain medical records are accessed will automatically trigger a detailed audit of the access to confirm a clinical or service relationship exists.
In patient care, this means employees are supposed to only access the PHI of patients they will be caring for. Employees may not use tools and functions within eStar, including but not limited to, the ED track board, reporting workbench, the identity report or patient lists to search for information about patients who are not under their care or are actively assisting.
When instances of potential privacy violations are discovered during the auditing process, or are reported by co-workers or patients, an investigation by the Privacy Office ensues. Unauthorized use of VUMC’s clinical databases, such as Epic or Star Panel to check on the health status of persons in the news, fellow employees, to see if a celebrity is a patient at VUMC or to view the medical records of other individuals not under someone’s care can result in progressive discipline or even termination.
All employees are responsible for protecting patient health information. At Vanderbilt Health patients and their families are the No. 1 priority. Failure to keep patient information private is illegal and can negatively impact patient safety and damage VUMC’s reputation. Remember to follow VUMC’s Credo and be respectful of patient confidentiality.