Auditing Access to Electronic Medical Record
Introduction to Access Monitoring
As part of our ongoing efforts to ensure the privacy of patient records in accordance with federal regulation and UNC Health HIPAA policies and procedures, the UNC Health Privacy Office audits employee access to patient information. This is done through the use of a computer application designed to monitor compliance with the HIPAA Privacy Rule. The monitoring software links Human Resources (HR) data with activity reports from the electronic medical record system to create audit reports designed to highlight suspicious activity.
By combining HR and clinical data, the software can identify specific types of inappropriate access (i.e., co-worker, VIP, family member and neighbor) and suspicious activity based on user patterns of access. Each alert requires follow-up by the UNC Health Privacy Office to determine whether the access was actually inappropriate. UNC Health Privacy Office staff will collaborate with departmental supervisors and HR when needed. If the investigation reveals that there was a work-related purpose for the access, no further action will be taken. However, if the access appears to have been inappropriate (i.e., not required or allowed for the performance of your job), further follow-up will be conducted in accordance with UNC Health Policies Investigating and Responding to Privacy Incidents and Complaints & Sanctions for Violations of Privacy Policies.
The following resources contain additional information on the way in which the UNC Health Privacy Office monitors employee access of patient records:
- UNC Health Policy: Electronic Patient Information Access and Auditing Access (PDF)
- Training PowerPoint: Accessing PHI & Auditing Employee Access to PHI
- FAQs – Coming Soon!
- UNC Health Policy: Non-treating Physician Access to PHI – Coming Soon!
If you have questions that are not addressed in the FAQ section, please contact the Privacy Office at email@example.com or call 984.974.1069.