Introduction to Access Monitoring

As part of our ongoing efforts to ensure the privacy of patient records in accordance with federal regulation and UNCHCS HIPAA policies and procedures, the UNCHCS Privacy Office audits employee access to patient information. This is done through the use of a computer application designed to monitor compliance with the HIPAA Privacy Rule. The monitoring software links Human Resources (HR) data with activity reports from the electronic medical record system to create audit reports designed to highlight suspicious activity.

By combining HR and clinical data the software can identify specific types of inappropriate access (i.e., co-worker, VIP, family member and neighbor) and suspicious activity based on user patterns of access. Each alert requires follow-up by the UNCHCS Privacy Office to determine whether the access was actually inappropriate. UNCHCS Privacy Office staff will collaborate with departmental supervisors and HR when needed. If the investigation reveals that there was a work related purpose for the access, no further action will be taken. However, if the access appears to have been inappropriate (i.e., not required or allowed for the performance of your job), further follow up will be conducted in accordance with UNCHCS Policies Investigating and Responding to Privacy Incidents and Complaints & Sanctions for Violations of Privacy Policies.

Additional Resources

The following resources contain additional information on the way in which the UNCHCS Privacy Office monitors employee access of patient records:

  1. UNCHCS Policy: Electronic Patient Information Access and Auditing Access (PDF)
  2. Training PowerPoint: Accessing PHI & Auditing Employee Access to PHI
  3. FAQs – Coming Soon!
  4. UNCHCS Policy: Non-treating Physician Access to PHI – Coming Soon!
  5. UNCHCS Policy: Non-treating Physician Access to PHI Form – Coming Soon!

If you have questions that are not addressed in the FAQ section, please contact the Privacy Office at or call 984.974.1069