{"id":2561,"date":"2018-05-22T16:32:10","date_gmt":"2018-05-22T20:32:10","guid":{"rendered":"https:\/\/www.med.unc.edu\/patientprivacy\/?page_id=2561"},"modified":"2020-04-15T11:07:09","modified_gmt":"2020-04-15T15:07:09","slug":"auditing-access-to-electronic-medical-record","status":"publish","type":"page","link":"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/","title":{"rendered":"Auditing Access to Electronic Medical Record"},"content":{"rendered":"<h3>Introduction to Access Monitoring<\/h3>\n<p>As part of our ongoing efforts to ensure the privacy of patient records in accordance with federal regulation and UNC Health HIPAA policies and procedures, the UNC Health Privacy Office audits employee access to patient information. This is done through the use of a computer application designed to monitor compliance with the HIPAA Privacy Rule. The monitoring software links Human Resources (HR) data with activity reports from the electronic medical record system to create audit reports designed to highlight suspicious activity.<\/p>\n<p>By combining HR and clinical data the software can identify specific types of inappropriate access (i.e., co-worker, VIP, family member and neighbor) and suspicious activity based on user patterns of access. Each alert requires follow-up by the UNC Health Privacy Office to determine whether the access was actually inappropriate. UNC Health Privacy Office staff will collaborate with departmental supervisors and HR when needed. If the investigation reveals that there was a work related purpose for the access, no further action will be taken. However, if the access appears to have been inappropriate (i.e., not required or allowed for the performance of your job), further follow up will be conducted in accordance with UNC Health Policies <em>Investigating and Responding to Privacy Incidents and Complaints<\/em> &amp; <em>Sanctions for Violations of Privacy Policies<\/em>.<\/p>\n<h4>Additional Resources<\/h4>\n<p>The following resources contain additional information on the way in which the UNC Health Privacy Office monitors employee access of patient records:<\/p>\n<ol>\n<li>UNC Health Policy: <a href=\"https:\/\/unchealthcare.policystat.com\/policy\/5180945\/latest\/\">Electronic Patient Information Access and Auditing Access<\/a> (<a href=\"https:\/\/www.med.unc.edu\/patientprivacy\/wp-content\/uploads\/sites\/524\/2018\/09\/Electronic-Patient-Information-Access-and-Auditing-of-Access.pdf\">PDF<\/a>)<\/li>\n<li>Training PowerPoint: <a href=\"https:\/\/www.med.unc.edu\/patientprivacy\/wp-content\/uploads\/sites\/524\/2018\/09\/EPIC_Access_Monitoring.pdf\">Accessing PHI &amp; Auditing Employee Access to PHI<\/a><\/li>\n<li>FAQs &#8211; <em>Coming Soon!<\/em><\/li>\n<li>UNC Health Policy: Non-treating Physician Access to PHI &#8211; <em>Coming Soon!<\/em><\/li>\n<\/ol>\n<p>If you have questions that are not addressed in the FAQ section, please contact the Privacy Office at <a href=\"mailto:privacy@unchealth.unc.edu\">privacy@unchealth.unc.edu<\/a> or call 984.974.1069<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction to Access Monitoring As part of our ongoing efforts to ensure the privacy of patient records in accordance with federal regulation and UNC Health HIPAA policies and procedures, the UNC Health Privacy Office audits employee access to patient information. This is done through the use of a computer application designed to monitor compliance with &hellip; <a href=\"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/\" aria-label=\"Read more about Auditing Access to Electronic Medical Record\">Read more<\/a><\/p>\n","protected":false},"author":79870,"featured_media":2541,"parent":2487,"menu_order":12,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":"","_links_to":"","_links_to_target":""},"class_list":["post-2561","page","type-page","status-publish","has-post-thumbnail","hentry","odd"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Auditing Access to Electronic Medical Record - Privacy Office<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Auditing Access to Electronic Medical Record - Privacy Office\" \/>\n<meta property=\"og:description\" content=\"Introduction to Access Monitoring As part of our ongoing efforts to ensure the privacy of patient records in accordance with federal regulation and UNC Health HIPAA policies and procedures, the UNC Health Privacy Office audits employee access to patient information. This is done through the use of a computer application designed to monitor compliance with &hellip; Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/\" \/>\n<meta property=\"og:site_name\" content=\"Privacy Office\" \/>\n<meta property=\"article:modified_time\" content=\"2020-04-15T15:07:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.med.unc.edu\/patientprivacy\/wp-content\/uploads\/sites\/524\/2018\/05\/prexd.hospfrontp-1024x444.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"444\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/\",\"url\":\"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/\",\"name\":\"Auditing Access to Electronic Medical Record - Privacy Office\",\"isPartOf\":{\"@id\":\"https:\/\/www.med.unc.edu\/patientprivacy\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.med.unc.edu\/patientprivacy\/wp-content\/uploads\/sites\/524\/2018\/05\/prexd.hospfrontp.jpg\",\"datePublished\":\"2018-05-22T20:32:10+00:00\",\"dateModified\":\"2020-04-15T15:07:09+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/#primaryimage\",\"url\":\"https:\/\/www.med.unc.edu\/patientprivacy\/wp-content\/uploads\/sites\/524\/2018\/05\/prexd.hospfrontp.jpg\",\"contentUrl\":\"https:\/\/www.med.unc.edu\/patientprivacy\/wp-content\/uploads\/sites\/524\/2018\/05\/prexd.hospfrontp.jpg\",\"width\":7917,\"height\":3431,\"caption\":\"Panoramic view of UNC Hospitals, School of Dentistry and Manning Drive.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.med.unc.edu\/patientprivacy\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Privacy Topics\",\"item\":\"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Auditing Access to Electronic Medical Record\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.med.unc.edu\/patientprivacy\/#website\",\"url\":\"https:\/\/www.med.unc.edu\/patientprivacy\/\",\"name\":\"Privacy Office\",\"description\":\"UNC Health Care System\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.med.unc.edu\/patientprivacy\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Auditing Access to Electronic Medical Record - Privacy Office","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/","og_locale":"en_US","og_type":"article","og_title":"Auditing Access to Electronic Medical Record - Privacy Office","og_description":"Introduction to Access Monitoring As part of our ongoing efforts to ensure the privacy of patient records in accordance with federal regulation and UNC Health HIPAA policies and procedures, the UNC Health Privacy Office audits employee access to patient information. This is done through the use of a computer application designed to monitor compliance with &hellip; Read more","og_url":"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/","og_site_name":"Privacy Office","article_modified_time":"2020-04-15T15:07:09+00:00","og_image":[{"width":1024,"height":444,"url":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-content\/uploads\/sites\/524\/2018\/05\/prexd.hospfrontp-1024x444.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/","url":"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/","name":"Auditing Access to Electronic Medical Record - Privacy Office","isPartOf":{"@id":"https:\/\/www.med.unc.edu\/patientprivacy\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/#primaryimage"},"image":{"@id":"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/#primaryimage"},"thumbnailUrl":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-content\/uploads\/sites\/524\/2018\/05\/prexd.hospfrontp.jpg","datePublished":"2018-05-22T20:32:10+00:00","dateModified":"2020-04-15T15:07:09+00:00","breadcrumb":{"@id":"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/#primaryimage","url":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-content\/uploads\/sites\/524\/2018\/05\/prexd.hospfrontp.jpg","contentUrl":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-content\/uploads\/sites\/524\/2018\/05\/prexd.hospfrontp.jpg","width":7917,"height":3431,"caption":"Panoramic view of UNC Hospitals, School of Dentistry and Manning Drive."},{"@type":"BreadcrumbList","@id":"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/auditing-access-to-electronic-medical-record\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.med.unc.edu\/patientprivacy\/"},{"@type":"ListItem","position":2,"name":"Privacy Topics","item":"https:\/\/www.med.unc.edu\/patientprivacy\/privacy-topics\/"},{"@type":"ListItem","position":3,"name":"Auditing Access to Electronic Medical Record"}]},{"@type":"WebSite","@id":"https:\/\/www.med.unc.edu\/patientprivacy\/#website","url":"https:\/\/www.med.unc.edu\/patientprivacy\/","name":"Privacy Office","description":"UNC Health Care System","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.med.unc.edu\/patientprivacy\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links_to":[],"_links_to_target":[],"_links":{"self":[{"href":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-json\/wp\/v2\/pages\/2561","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-json\/wp\/v2\/users\/79870"}],"replies":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-json\/wp\/v2\/comments?post=2561"}],"version-history":[{"count":0,"href":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-json\/wp\/v2\/pages\/2561\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-json\/wp\/v2\/pages\/2487"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-json\/wp\/v2\/media\/2541"}],"wp:attachment":[{"href":"https:\/\/www.med.unc.edu\/patientprivacy\/wp-json\/wp\/v2\/media?parent=2561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}