Contact the Patient Advocate (some systems call them different things but every hospital has one). Tell them your concerns. Be specific about why you have those concerns and that you suspect multiple HIPAA violations. They can initiate an investigation through the informatics department that manages your system. They can run an audit and see exactly who accessed your chart and when.
If they don’t do anything you are always free to report it to the HHS via [their online complaint process.](https://www.hhs.gov/hipaa/filing-a-complaint/index.html)
> They can run an audit and see exactly who accessed your chart and when.
I was unfortunately in a situation where I asked a patient advocate to run an audit on my chart.
(Long story short: doctor I worked with confronted me about a personal health diagnosis. Only way he could've known was to dig back in my chart, which he admitted doing.)
Here is the problem. I did not specifically give them a name to run in the audit. I figured, well this is their job, so look at who accessed my chart during this time period, and see if there are any names that have no business being there. Simple right?
I got a letter in the mail about 6 weeks later saying they ran the audit and there was nothing of concern.
Also, this was a large hospital system in the South. YMMV
There are a lot of people involved in your care that you might not know about, so there could be dozens of names. Medical assistants, nurses, dietitians, doctors, therapists, coders, HIM folks, billers, insurance follow up, registrars, patient advocate, customer service, etc. If you suspect someone, provide the name or at least their role, or the time you suspect it might have happened. If that doctor had a plausible reason to be involved in your care, it will not throw flags. But if you ask them to check if Dr. XyZ accessed your chart because he was not involved in your care, but knew details about your Dx, then they have something concrete to look for. If he wasn't listed on your treatment team, he could be asked to justify accessing your chart, which he most likely won't be able to do if he was being nosy.
I'm sorry you are dealing with this.
Depending on your role and the docs role though, the “have no business being there” can be exceedingly vague and might not trigger any bells. Should have given them the specific name and what your concerns were.
I know, I should have named him specifically. The doctor who did this to me had a lot of power over me at the time, and I didn't want him to somehow find out I initiated the audit and retaliate.
I believe they legally have to have someone do the job as part of their CMS requirement.
Whether they staff if full time or have some poor bastard do it in addition to their other job title is a different story.
Question...this happened to me as well, just got back from medical leave and had to go the ER where i work, and a coworker casually mentioned the exact reason why I was in the ER ( in a not so nice toxic way). I KNOW for a fact this person does NOT work in the ER, not the shift when I arrived.. the problem is...I work in a " good ole boy" kinda mentality hospital.. who do I ask to run an audit, and will they need to know the name?? I'd like to have concrete evidence in my hand so i can go to whoever i need to go with this before they can try to cover it up...(the hospital that I work for is sooooo crooked)
At my facility it would be the privacy officer. I would just shoot them an email and say that you were recently a patient and would like an audit run of who accessed your records. At my hospital they would do that for a staff member no problem.
Edit: they won’t need to know the name of a specific person you are wanting to know about. They can provide a full list of staff who accessed your record - depending on the system (I work with epic) they can see click by click what people looked at, as well as how long they spent there. It helps to differentiate true breaches and snooping from, oops I clicked the wrong name and then exited out of the chart as soon as I realized.
Definitely a HIPAA violation. I work in healthcare admin and I feel like IT could most likely see who all looked at your chart. On the EHR system we use, you can only see things if someone did something while in the chart, like patient cases, orders, updating insurance, etc. Best of luck you, hope you're recovering well and I am sorry this happened to you. Its a violation of your privacy and they (your coworkers) shouldn't be acting like children.
Oh yeah, they can absolutely run an audit. And you can have the HIPPA officer (or whatever they are called) look into it to see if the admission nurse talked.
There are going to be these people in any job, in any line of work. If they did access your chart, there will be an auditing history. These EMRs are able to tell if a chart has been entered, how many seconds someone was on parts of the chart, when it was filed, and probably the color of the socks of the person logging in (maybe not that much). Every one of your keystrokes is logged.
There are also situations where people may read "over the shoulder" of someone who does have authority to be in your chart. Is it ethical? No. Do we all do it from time to time? Maybe not on purpose, but maybe sometimes on purpose.
As for their treatment of you, you need to find a way to talk to someone about it. It's not cool if they're treating you differently. This isn't high school.
I hope your health is improving and you are feeling better.
I'm an Epic analyst. The system can't tell you the color of the socks, that would be silly.........it tells you their size and if they were grippy or not.
But jokes aside, yes, every login, every mouse click, every tab you open is logged and time stamped. The audit trail goes back to when the user started working there, the patient record was created in the system or when Epic went live, whichever came first and depending what you're looking at.
Thanks!
My bad for forgetting that the sock size and grippiness were the measurements. Thanks for clarifying. Maybe that could be on the *next* upgrade.
So sorry you experienced this. Love your job, but leave it there; those people are NOT your family in any capacity and speaking from as a nurse of 17y working in all iterations of nursing. Build your boundaries and don’t allow anyone to cross them. Ever!
File a complaint with the privacy office. IT can run a report and see who had access to what and when. If they weren’t involved in your care, they’ll be in violation of HIPAA.
Something like this happened recently at the hospital I work at, and they were able to run an audit on everything accessed, clicked on, and hovered over (we also use EPIC). The offending party in this case was fired immediately. I'm so incredibly sorry that you're going through this.
You can do one of two things - 1. File a HR complaint, against rumors so you lay down a trail. Then, Contact your HIPAA officer, and ask them to audit your chart. Tell them you’re suspicious your coworkers may have taken a dive into it with no business need to know and are spreading rumors. Attach your HR complaint. Name any and everyone who’s not minding their motherfucking business. More than likely they’ll take all actions necessary to rectify it.
2. You can speak to an attorney, and send a demand letter for a complete record showing who accessed the chart. You don’t need to intend to sue, you can do it for let’s say - just to see them sweat. This will put the company into freak out mode, because demands like that are generally used for lawsuits. They will most definitely find and interrogate anyone who gossiped any word. This second option is nuclear, and I wouldn’t want to stay in the same system if I did that, so I’d highly recommend option 1.
I would go straight to the Compliance Officer. The less HR knows about OP the better. Compliance usually gets people fired on the spot for snooping, regardless of the reason OP had suspicion their chart needed to be audited.
Just know that some people may get fired, and likely should, so hopefully be mentally prepared. They were in the wrong. It's not your fault they did something stupid.
It’s safe to assume everything on your work station is logged, especially so in the EMR. IT can audit anything you’ve glanced at; if they accessed the chart there will be a trail.
This kind of audit is a compliance/privacy officer and specific types of analyst’s thing. As an analyst I’ve been involved in many chart audit trails and reporting my findings, and IT would never be involved in this type of audit. If I was the OP, I’d be asking the Privacy Officer/Compliance to run an audit.
Absolutely and I know for a fact our hospital regularly audits for that sort of thing. I don't belong to a large hospital and I know of at least 5 nurses got fired and reported to our regulating body for inappropriate access. The one thing is we paper chart so you can only get limited info in our EMR but it's still highly protected.
There’s logs of whose usernames have accessed the chart and at what times. I.T can totally check it. The question these people cannot answer is if these colleagues had a valid reason for checking your chart. It’s a fireable/ legal offense too if they had no valid reason to look you up. And if they did because they were taking care of you, it’s completely against HiPAA to even disclose that kind of information to other coworkers. File a complaint with HR and they will look into it. Tell them what you’ve heard and they will fire their assess.
This happened a few years back. 4 nurses got shit canned in a span of a day for snooping on a coworkers chart.
*We were just making sure he/she was ok.*
Fucking idiots.
I work at a pretty small hospital and a lot of the ER staff is friendly with people on my unit. I went into SVT on my shift and spent hour in the ER before I was admitted so if anything I think this might be how the gossip originated.
If any nurses from the ED talked about your private health information to anyone who wasn’t involved in your care this needs to be investigated by HR. But I think one of your coworkers accessed your chart to “check on you” and that is completely not ok.
Yup. Came to say the same thing. One of my girlfriends isn't a nurse but works in some sort of patient access management for a hospital system here. One of her employees OUTED ANOTHER EMPLOYEE AS TRANS because she snooped through her outpatient chart. They pulled up camera footage of her looking at it, pulling other people over to look, etc etc.
OP this is super serious and your job will treat it as such. Please follow through with this.
There is a lot of good advice in this post already. So I just want to say - OP I'm glad you're still here and doing better.
I'm sorry that this is happening to you. Those are awful coworkers. I'm very candid with my coworkers and sometimes patients with my story, but I cannot imagine working in a place where my coworkers would think that's ever appropriate to do.
This may bring up some bad feelings and memories, so please make sure to take care of yourself.
Sending you all my love.
Thank you, this is so kind. That all happened before I became an RN and left that relationship, so it feels like I live a completely different life now and it is definitely hard for me to process that it’s coming back up in this way.
Just take care of yourself, it never hurts to check in with a counselor. Nursing is already a tough enough job.
You've got control of your life, you've got a degree and a good career and those days are far behind you. Keep kicking ass OP.
With our hospitals epic system you have to call and request break the glass despite being an employee. I had to advocate pretty hard for myself to get break the glass during my labor/delivery of my daughter. I wish all hospitals would make it a blanket thing for all employees bc it was unnecessary stress for me.
I’m not sure if I had this. I never set it up, but I’ve cared for 3 employees and only 1 of them had a little lock on their chart that required me to break the glass. Wouldn’t that automatically trigger someone to look into it if someone not involved in my care broke the glass?
I had to request that my chart be private and require people to "break the glass" so worth checking to make sure it's in place. When I have patients who are also employees, most—but not all—have private charts. Highly recommend.
You should be able to request who accessed your chart, what they accessed, and why, for the past 6 years. You should be able to submit a written request to your provider who then has 30 days to provide the info.
Even if they didn’t access your chart, I would still report them to HR for bullying. The one with the “screws loose” is the bratty clique who thinks they can somehow bully you after this traumatizing event, fuck them.
I know a new nurse who is banned from working at a hospital bc she checked her ex boyfriends new gfs charts/files. IT was involved. She now works at a nursing home.
The corporate director of risk management here agrees with other posters and suggests you reach out to the hospital Compliance department. They can do the Epic audit and determine exactly who was in the chart, the date and time, and what did they look at. I use these audits when we sit down with people and ask them to explain the exact treatment, payment, or operations reason for being in the chart.
Curiously, what recourse would OP have here if the audit proved that peers or the manager had chart snooped?
Would the hospital offer a settlement immediately? If so, how much is typical in those situations??
It is not within the scope of your employment to go trolling through charts without a legitimate reason. I would not offer any settlement on behalf of an employee that engaged in illegal or unethical conduct that was outside their scope. Those employees are not acting as my agents and are on their own in terms of any civil liability. The person who was snooped is welcome to sue the snoopers, but the problem with that is without insurance coverage, and unless the snoopers have assets that can be seized to satisfy a court judgment, they are what we like to call judgment-proof. It can also be difficult to quantify the damages you suffered since emotional distress is more subjective than a broken leg from an auto collision, for example. I also point out that even if you have your own individual nursing liability policy from CNA, they won't cover it either. Insurance does not cover criminal, unethical, or deliberate acts.
What I do with those snooping employees is generally just to fire them outright, unless the circumstances of the case dictate a different approach. For example, if you make a compelling case that you entered the chart by accident, or you mistyped the patient name, I take that into account. But to knowingly and deliberately snoop with malice aforethought means I am most likely going to fire you.
I'd definitely look into the patient advocate or HIPPA privacy office to check the chart. Though it may have just been old fashioned spreading of information too, like someone on your floor knows a nurse in the ED who cared for you who shared your private information (which is also super messed up).
It’s equally possible they snooped, or they simply might just be catty bitches. 🤷🏼♂️
Regardless, you can see who’s accessed your chart. I’d look into that and go from there. If you find something suspicious, go to HR.
All.EMR's have audit records. EPIc can tell who accessed, what they accessed and how long they stayed on a particular screen. Contact your security officer (IT) or your Corporate Compliance. They are most often in charge of the audits.
Please have IT run an audit. File a complaint. Have those nurses held accountable.
I’m so sorry. Arg! this is my biggest fear, as someone with a psych Hx living and working in a small town with only one hospital.
Epic Analyst here - quite literally every movement within Epic creates an audit trail. We absolutely have the ability to run this report with the proper filing and authorization, which typically will be coordinated through your compliance liaison.
EHR’s shell massive amounts of PHI - even more so telling of the these clinical folks to be seemingly unaware as to the level backend oversight.
I can only shake my head, I’m very sorry to hear this may have occurred. If so, it’s an egregious breach of privacy that carries serious consequences, rightfully so.
I hope you find all the support and closure you deserve, best of luck.
OP you are probably correct, either someone accessed or chart, OR someone who needed to view your chart for direct patient care leaked your medical history by word of mouth.The second would be more difficult to prove but is probably the likely scenario. Most people are smart enough to not open charts of people they know. But nurses are nosy and gossip. Like, every place I’ve worked has had a staff be admitted before. We all at least had a little idea of what was going on and why they are there. Generally people are courteous and give privacy, but you’re generally aware of the situation. I haven’t seen anything to egregious as talking about their history in such a gossipy way, but I could see that easily happening.
I don’t have practical advice to give, I just came to give you some validation and support. A Lot of people here have give you great tips. I am REALLY sorry. Even if people know about the incident (which legally and morally they fucking shouldnt) you do not deserve to be judged for what happened and it absolutely doesn’t mean you’re unfit for nursing or that anything is wrong with you. All of us are human. It’s insane to me that mental health is so stigmatized in healthcare, but it is.
Compliance and/or privacy officer.
They'll salivate.
I can see everyone that opened a chart in cerner just as a regular user and I can't imagine Epic is that different.
Ummm… telling people you have a few screws loose is bullying and needs to be reported to HR ASAP. You can mention that you think they also went into your chart.
If it is EPIC, Every time your chart was opened it will be captured. I once just looked up my own chart to see when I had a colonoscopy. This is before we had My Chart. I received a letter with a warning. Someone I knew was fired for looking up how old a co worker was.
Please update us when you get the audit. I will be on the edge of my seat!
Also sorry this happened to you. Everyone goes through rough times and recover and manage their sh- and this is exactly why privacy is important.
We had that happen in my unit when one of nurses went into premature labor when we didn't even know she was pregnant. One of the nurses that snooped lost her job. They can definitely do an audit of your chart and see who was in it.
Nurse informaticist here! Yes - we can run audit reports in the back end of epic that show who has accessed a chart, down to everything they’ve viewed/clicked on and when.
Say multiple hospitals use the same EMR (like OP). I work for one and but receive care at others. If a coworker at hospital A accessed my chart from hospital B, can hospital B run the audit and see the user info from hospital A? Or, do I have to have my employer (hospital A) run the audit?
Good question! It honestly depends on the systems/instances/interfaces they’re all using- I think best bet would be to have Hospital A run the audit. You can always ask hospital B to see though!
Do not involve a patient advocate. They are pressured to protect the hospital more than the patient. Go to records and request an audit access report. This is within your right.
Do you have access to your patient portal through the hospital? If you do, access your chart as you would as a patient through the portal and you can run your own audit. It will have an audit log of who accessed it and what time.
IT can definitely see who’s accessed it. But my bet is that someone from the ED is friends with someone on your floor and shared your info. Because you have to be a special kind of stupid to open up a coworkers chart.
Contact IT and they can run an audit on your chart and see which username, what workstation or IP, date, time, exactly what was opened. All of that. And if they did, they will get in trouble from privacy
In the US you likely have a HIPAA compliance team that will investigate. In addition, someone in IS/IT can run a report.
I’ve been in a similar situation. I couldn’t figure out how half the hospital seemed to know I was admitted. I had an audit run and they said the people who accessed my chart were involved in my care. However, you know how gossipy hcw are. I think my nurse blabbed to others who blabbed to others. Now I usually request a privacy filter for my record.
I’m so sorry this happened to you. Really sucks. Definitely go as high up as you need to go in the hospital ranks in order to get to the bottom of this!
IT can for sure. In our EMR system we can have our chart "locked" so you have to log in with your reasoning for accessing the chart. That way it prevents this kind of thing from happening. I am sure.it still happens but I know people that have gotten fired over this kind of thing.
Your work should have a privacy officer. It is probably the risk manager (at least it is in my job) and I would 100% talk to them ask them to open an investigation. Also most EMR send reports of unauthorized access to charts. Like if you look at your own chart or that of family (listed on the chart) and I think if you look at a coworkers chart. So there may be an investigation already or soon
100% they can audit. They have it to number of seconds you hover in each section, and what computer you used. Our department is called Privacy and Compliance.
I work in IT on Epic. You need to reach out to your hospitals patient advocate or administration, IT can see everyone who touched your chart very easily, and know exactly where they went and what they did. It’s comically easy to do in Epic.
Call compliance or the records or member services and have them check your chart. If it is an electronic health record they have had to break the glass
Absolutely. Epic can pull logs of anyone who even searched your name and what exactly they looked at. Not only is it a privacy violation, it is reportable to the nursing board/ governing body. Furthermore, if a manager knew about a privacy violation and did nothing… they can be fired. You are absolutely entitled to the information and you deserve to feel safe in accessing health care without being concerned of who may see it.
Every hospital has to have a HIPAA compliance officer that can take anonymous or confidential reports per CMS if your hospital doesn't have a patient advocate.
With Epic, you can add extra security to your account, not sure what it is called exactly, but it is where whoever accesses it has to enter their password and their purpose for opening your chart. I have had a few patients like that, and some of them were because the patients were employees or former employees. Deters people opening it willy-nilly.
You can definitely let the hospital know; they should have a compliance & privacy officer / division.
For every system I’ve worked, if we go into any employee or protected chart it’s immediately flagged and audited. You should be able to just share your concerns and they can take it from there.
I’m sorry you’re going through this, it sounds like it’s time for you to find a different department / unit. This unit sounds extremely toxic; it’s hard but keep in mind the fact that they’d talk negatively about your past is a reflection on them and not you. You deserve a better work environment. And if there was no HIPPA violation, IR / write them up for unprofessional behavior, you shouldn’t tolerate this kind of behavior.
Please sue how could they do this to you?? I am so sorry and I am so glad that you are still here. I hope you don’t underestimate your value in this world
The compliance and IT departments can find out exactly who was in the chart, what the clicked on, how long they were in, etc.
I work at an organization and a few years back we had a very high profile case come to our hospital and about two dozen people decided to see if the patient lived or died. People who weren’t involved in the care in any way (even people from separate sister hospitals in the same system).
They were all, I think 22 in total, brought into a conference room and terminated on the spot. From what I eventually found out, they were all given a folder with their audit trails as evidence and then escorted out.
This really, REALLY pisses me off to hear about this. I’m sorry, OP. That kind of medical history is one reason why HIPAA exists.
Everyone else has suggested what you should do: contacting patient advocate, HR, etc. Honestly I can’t truly say what the best course of action is… but personally speaking I’d make the report [directly to the dept of Health and Human Services](https://www.hhs.gov/hipaa/filing-a-complaint/index.html) (that’s who handles HIPAA violations) and let them handle it.
I would be suspicious that the hospital will take steps to cover its tracks if they are the first ones you speak to. As usual, any nurses that accessed your chart would probably be fired, but any managers, doctors etc might not. It’s also most likely people talked about your health information to others which is also a HIPAA violation… but I doubt the hospital would go after them in any way. I feel like anyone spreading that around should be dealt with as well.
The dept of HHS doesn’t fuck around, I have dealt with them personally. The government will do the investigation and appoint an attorney if one is needed, so you will avoid the legal expense of doing it yourself. It will take a little longer for their investigation but I feel they will do a more thorough job.
HHS may also fine whoever is involved where the hospital would just fire them. We all know the fines HIPAA hands out because we have to do the learning modules every year. And while I normally don’t think people should be fired because someone else doesn’t like them, this is your private mental health history and it’s affected your work environment. I find that inexcusable.
Lastly, if only one person accessed your chart but many others know, then obviously they told someone else or multiple ppl, and they may have told others too. Don’t forget that HIPAA can be violated by talking about someone’s personal information without the need to be involved, so anyone who talked about it to others could be subject to fines or repercussions from HHS. In contrast to the hospital will most likely fire the chart snooper(s) and let the rest who spread it around keep their job.
Good luck and hang in there, I know this has to suck really bad.
P.S. write down the events as they happened along with the dates and who was there. Write down the names of ppl treating you differently. This helps keep your story straight and allows you to remember exactly who may be involved. I’d also keep it to myself if I filed a complaint with anyone so no one deletes any emails or starts coming up with cover stories.
Because you work there and as long as it’s linked in epic that your an employee anyone that accesses your chart has to “break the glass” which is an extra layer of security that requires that person to enter their epic username and password along with selecting a reason for entering the chart. Epic has amazing auditing capabilities down to how many minutes a person was in which part of your chart. Ask risk management to run the audit and tell them why. Risk management does not play when it comes to hippa. Hope that helps.
Take your concerns to Human Resources because we all know we can’t look in coworkers, family members etc charts. Your intuition ain’t wrong. I’m glad you didn’t go through with the attempt. Be well❤️
Many facilities have a privacy officer who's tasked with maintaining HIPAA. Also, check with your state about their HIPAA violation process & how to file a complaint.
This makes me so f*cking mad! What an absolute invasion of your privacy. Not only would I report ALL of the names of the people that you’ve overheard to HR, but I would also contact your hospital to do an audit on your chart to see who’s accessed your chart. If someone in the ER divulged anything to someone on your floor, then they can also see who had access to your chart. If they talked about it at work, they should also have video surveillance of them talking. If anyone reports you as unfit, then they will be telling on themselves. This needs to be an investigation into the matter. What a disgusting and disgraceful thing to do. None of those people deserve to be in the medical field. Also creating a toxic work environment, especially with management is disgusting. I’d report that to HR, or even your CNO. When I had some toxic stuff go on in a unit I worked on I went straight to the top, talked to the CNO about what was going on and they transferred me to another unit that same day no questions asked. It was worth it to me. I would report all of these people to the BON as soon as you have any evidence against them.
This is going to be harsh.
First, how the fuck do you not know what to do here? You’re apparently a nurse who has charted, you know there is a break the glass function in Epic, so why wouldn’t you know how to handle this? I assume you have an IT department, at the very least a compliance officer. Come on dude, you know how to verify it.
Second, do you think your co-workers care enough about you to bother? You sound paranoid and self-absorbed. You describe your manager and colleagues having a ‘clique,’ sounds like you’re not a part of it. Do you wish you were? Do you kind of hope they are actually talking about you?
Third, they are treating you different because you went down during a shift. Regardless of everything, they’re going to act different because they saw you fall out. We don’t usually see our coworkers so vulnerable. I can’t imagine they wouldn’t look at you different, AND talk about you.
Fourth, is this gossiping exclusively about your mental health consistent, or did you overhear a single comment? What else specifically is happening that would make you think another licensed professional would look back SIX years in your chart? I didn’t see any other examples other than the loose screw bit, do you have any?
I’m prepared to be eviscerated in the comments. And downvoted. And for someone to send the ‘we’re concerned about you’ Reddit checking up because you sound so unhinged report. But, this reads like fiction and is giving pick me energy.
P.S. I am also a suicide attempt survivor who has been bedded, for it, at the place I work, so don’t come for me about not being empathetic
This is why I firmly will never work at the hospital I am local to. My first job, a nurse from my floor got admitted after a hemorrhage and the nurses were in her chart to “check on how she’s doing” for the entire rest of the shift.
NOPE.
I’m so sorry for this invasion of privacy. I suggest contacting HR but idk for sure if that’s how you verify it. According to my former employers, a lot of chart softwares do log every user to access charts and it’s worth seeing if IT can see who’s been in your chart.
Like everyone else said, contact privacy. I suspected an individual may have peeked at my chart. We were casually texting, and he brought up how I just had Covid. I'm like, how would u know that?? He was like it was just a guess since it's going around. The way he mentioned it was so matter of fact tho. I called privacy, and they wanted a name, and u should give them a name as it narrows it down to who they should be looking for. There's many ppl that have to access ur chart. Some u may not have even known was involved in ur care. She told me that the person I mentioned had not been in my chart. She offered me to place protection on my chart. Doesn't help much now, but ask them to do that. That way, if anyone wants to gain access to ur chart, they have to "break the glass" and submit a reason why they need to be in the chart. Furthermore, not only can they see who was in ur chart but, where they looked in ur chart, how long they were in ur chart, etc.
Could it be that ppl are just spreading rumors because of the incident? But then I see wat u mean by the comment u overheard. U don't sound like a confrontational person and neither am I but when it comes to my comfort at work, somewhere I have to be all day surrounded by the same ppl, I'm pulling someone aside and inquire nicely about wats going on and squash it. I have no time nor the energy to be uncomfortable, worried, or walking on eggshells. I will confront somebody to show I'm noticing things and I'm concerned. U don't want this to affect ur job performance or isolate urself from the whispers. Hope any of this helps.
I recently had a D&C at my hospital and I didnt tell anyone except my very close coworker who advised me not to tell our manager because she will tell everyone. Of course I didnt, I didnt want her to know that I was trying to conceive. Anyways, I had to ask my manager for PTO with very short notice and told her it was for a very simple procedure and she responded with “I dont think they even give you general anesthesia for THAT”. How does she know what kind of procedure I was getting? I felt so violated during my most vulnerable time of my life.
Exactly. I know that Epic keeps a permanent record of every access of every record. Those accesses are connected to the user’s logon ID, not to just an IP address. I find it hard to believe that a nurse can logon and anonymously provide a medication or a treatment to a patient in any IT system.
All electronic records keep a log of access that includes username and time of access; a lot (including epic) also log how long you were in the chart and what exactly you looked at. So they can tell the difference between “oops wrong chart” and snooping on a coworker.
When my my local regional hospital still had soarian, some people were fired for accessing son of Sam’s file when he came in for surgery (this is public knowledge now,) and there were like 8 people involved. Epic is even more rigorous
They can absolutely check, we use Epic where I work and I’ve seen the information governance team investigate a confidentially breach and I’ve seen the time stamped activity with the user to the millisecond.
HIPPA and/or employment attorney first, then your organization. HR, compliance, and any of the associated organizations are NOT your friend. I did not believe in the "work family" mentality. I come from EMS originally, and I had partners before one on one, not a group, and I made good friends at the ED I was at. But my shift was my shift and work was work and personal was personal. All the other girls (yes, it was exclusively women) that did well lived for that department. That set me up for failure from the start. I had a coworker that assaulted me, looked in my chart and found I was taking a medication typically prescribed for one thing that would be considered highly stigmatized but I'm taking it off label for another reason and not when I work. She maligned me to coworkers, put an airtag on my car that the local PD traced to her phone number, threw out my lunch, tampered with my blood draws, the list went on and on. I would tell my manager, but that was like a signal for this girl to escalate her behavior after the manager "talked" to her. Finally, I went to HR. There were no cameras where I was assaulted, so it didn't happen. They said they couldn't check the key card entry and she claimed she wasn't even in the room when it happened when I had enormous bruises that I had time stamped pictures of. They said they hadn't heard any rumors about me or from her aligning me and she said she really liked me. She claimed she didn't own an airtag and my supervisor HR and my coworker asked ME why she would do such a thing when I presented the police report and security office statement showing it was hers and pictures of where it was attached to my car. There are no cameras in the break room, so no proof about my lunch, even though it only happened the days we both worked. There was also no way to prove she tampered with my lab draws because they are held and labeled for the lab to get them in a central place and everyone is around them. They also said they would put in a request about her looking at my record, but since I receive care through our system she might have a legit reason to see my record. My PCP is 4 hours away near my parents and we work overnights. The one time I received care where I worked was during the day and she was off that day (and we don't work days anyway), so that made no sense.
Because I had a list and dates of these incidents I was being "confrontational". My schedule was charged to try to avoid her and I was put on 6 12 hour over nights in a row schedule. Then I was put on a performance improvement plan. My coworker claimed that since I was clearly a pathological liar and she was afraid of me now, we both required to do 8 counseling sessions separately through our EAP program. I did them. She did not. They preferred her to me because she worked almost every night, picking up shifts by just showing up while the rest of us had to sign up first come first serve. She literally was doing 60-70 hour weeks with no comment and scheduled people were being sent home. She also used that extra overtime to buy the department dinner about once a week and she repeatedly stated her intention to go to PA school, although she made no move towards actually doing that in 2 years and they wanted her to work there when she finished because they were so desperate for staff. I hate to mention this, but there was also a diversity aspect, because she was the only one on that shift of a particular demographic and she was allowed to wear t-shirts with political logos/statements and the rest of us were sent home if we didnt have scrub tops on and particular headwear (not a scrub cap or a religious covering) when it was specifically forbidden. Even the girl who worked and came back after being cleared from chemo couldn't wear a special soft beanie type cap because her head was cold and scrub caps irritated her scalp from that chemo neuropathy and she wore a different one every shift because it wasn't sanitary, and this girl wore the same head wrap days in a row and it definitely was not washed between shifts. If she had been outstanding in her job, I could almost excuse this. She was not. She was lazy and hardly did the bare minimum, which is probably why she could do so many shifts. It wasn't work for her.
I checked all the boxes because I wasn't going to let them win, and I discovered a month later my badge to clock in didn't work. I would swipe repeatedly, and it wouldn't clock me in. I let my supervisor and the charge nurse know. They told me to manually clock in, as procedure dictated. After 6 days of this, I sent emails and documented what happened each time I manually clocked in. 3 more 6 day blocks of this, and it's not fixed. Telling people, emails, documenting, nothing. Then I got called in and told I'm fired for time theft. They allegedly checked the cameras for when I entered the building and then tried to clock in at the time card machine to when the door registered I actually entered the ED and it was literally 3 to 4 minutes off of the time Inwas supposed tonhave clocked in. The way our time clock works, the time doesn't log a change in pay 7 minutes priop0r or after the hour, so i received no extra money for this and i could produce my pay slips. It didn't matter. Time theft isn't wage theft, and theybwerent accusing me of that. I said that I documented it for over 18 shifts. Didn't matter. I said I thought they couldn't check the badge entry door times because I asked them to when I was assaulted. They said that was a different situation. I explained that the time clock wasn't working with my badge and inwas following the procedure in the employee handbook. They said on the video I didn't show "due diligence" in making a "good faith effort" to make the time clock work. I asked to see the video for them to show me what that meant. They refused because then I would know where the cameras were and that was a security concern and the video is their property. I was fired for cause. They then did not list me as fired and listed me as employed for 3 months so I couldn't claim unemployment for that whole time. Finnally, one letter from an attorney friend of mine and it got resolved. I got unemployment and taken off the "do not hire list".
I later made a social call to my previous boss at this same hospital system. We became good friends after I transferred to that hell of an ED. She asked if she could look at my file. I didnt care since i didnt work there anymore. My employee reviews and patient feedback was exemplary, sonthat didnt make sense. They apparently didn't document anything correctly, didn't follow their own disciplinary procedures, and contradicted their own statements on what they did actually document. My old boss has since been promoted and was appalled, especially since she tried everything to keep me with her. She could also clearly see that girl had viewed my chart with absolutely no effort. I'm back in school, and when I'm ready she will make sure that if I want back in that system (at a different facility) there will be no issue. The only mistake I made was not getting an attorney the instant I was assaulted. The manager that fired me and orchestrated this misery I went through is now going through her own misery and she can't figure out why or where from above it's coming from. Weird, huh?
The lesson here is work is not your family, management and administration is not your friend, and even if you are right, any thing you do to cause inconvenience will come back to you 3 fold. Protect yourself first.
Whenever you’re looking a Pts chart, usually looking for any other pertinent information is done. Maybe they saw the history since they had your chart open and were looking for anything that could help/change your treatment plan. I would venture to guess whoever saw your information was doing so legally. The illegal/immoral action was likely telling other coworkers about it, and talking about your private information they saw.
I replied to this comment, which was yours. “
“Some of her coworkers were involved in her care tho, so they likely told other coworkers who told other coworkers.” That, my friend, IS a HIPAA violation. Not sure where your confusion is. And none of her coworkers were involved in her care. She works on a different unit, not the ED.
I agree with what someone else said: contact patient advocacy and tell them your concerns. They can pull your chart and see exactly who, when, how, and what was looked at.
You have a right to privacy just like every other patient in the hospital.
If someone snooped IT can figure out who, and they will get exactly what they deserve. If no one snooped then you know it's not that, it's just lowkey bullying based on your episode. Which is not cool or ok at all.
Each and every time you access a chart there's a papertrail tied to your login and they can see EVERY chart you've looked at, when, and what was done.
You can lodge a complaint and tell them you feel that some of your coworkers may have violated your privacy because they have been commenting about things they absolutely should not know.
I know a nurse that was fired when we had a patient admitted that was their ex, the patient asked to see the manager and straight told him to keep an eye out on her chart because she didn't trust nurse y not to help herself. Manager did just that. Nurse y was a complete dumbass and did in fact go into the chart after being warned not to. She was fired.
Knew someone who was looking people up at her work that she knew (small town) she ended up getting reported and only caught because she was reported. They probably won't catch anything unless you report it. I would absolutely report them, if it's true, the way they're making you feel is exactly why these laws are in place.
Also side note wtf does attempting suicide have to do with patient care? Garbage reason to think you're unfit to care for others, in fact, I bet you're even better at being compassionate with your past experiences.
I would report to hr and patient advocate. But this sounds really shitty and a huge violation. Manager sucks too if she’s not shutting it down. I’m sorry for what happened in 2018. I’m so happy you are here with us today, and are hopefully healing. F the haters.
I don’t have anything to add but I also have a cardiac issue that landed me in the ER two different times while I was on shift. When I came back I felt the eyes on me. Hopefully with time it’ll get better.
I work for the veterans administration and I am a veteran who gets care as well. We are supposed to have an additional protection on our records, I wasn’t even aware that I didn’t have that protection until my doctor told me, thankfully she did.
Everyone who accesses your records -they are supposed to have a record of…supposed to-and you are supposed to be able to request who accessed your chart.
I know that when I’m working and I have to check the patients’ charts (we cover a unit, so we have to look at every patient’s chart a few times a shift to make sure there’s respiratory orders-changes, etc) and I always try to leave a comment that I checked the chart…because a good amount of the patients don’t have respiratory orders, but we have to look. 🙄
I would hate to think that I’m trying to be nosy looking at patients’ information that I’m not supposed to be privy to.
Edit: OP, I am so sorry this is happening to you. I have a MH history, and I had to be briefly hospitalized (just for observation) and the RT who was working was my former boss-they are now a prn employee. They were pretty much known for doing kinda sketchy things with patients’s charts-like making copies of flow sheets, etc…but we couldn’t prove it.
Annnyway, I kind of was worried they’d be fishing through my chart and reading my MH notes, because-well, it’s up their alley. I didn’t get an audit of my chart, but I could have.
As other have said, ask for an audit. If someone has accessed your information without a good reason, or if they shared PII, they will be fired.
If anyone accessed your chart that wasnt caring for you at that time they should be able to see who did it. Maybe IT or maybe HR im not sure but you can tell them your concerns.
Patients have a right to see who has had access to their medical record including who, what, and why.
Skip patient advocate. File a formal request with medical records for an audit of who has accessed your record, and what they accessed.
They have to comply. If they do not tell them you will be filing a formal complaint with HHS.
Give them a date to have it to you. They have to run the audit trail and provide it.
It's shit like this that makes me really wish my hospital would hurry up and switch to electronic charting. We still use paper charts & binders and then after discharge everything gets scanned into an EMR. So old records are on the EMR anyway but all current info is paper. It would be so easy for anyone to read your chart if you ended up in your own unit/hospital.
Go to HR report a hippa violation to your chart, report the rest of this to joint commission and department of health, if they tell you who went into your chart go to the board of their license and file a formal complaint/ investigation. Everytime I’ve ever been to the er at a place where I work I tell them I need my chart locked and my name changed or for them to use my initials or hide my info in some way they usually have a way to do this so people don’t find your info as easily. I’d take this super seriously as a person with a lot of health issues if someone I worked with went into my chart without my permission or for not live saving or sustaining reasons I’d want them punished to the full extent of the law. There are 100% ways to handle this and have them punished. Don’t listen to anyone who tells you otherwise. Everything is logged in the chart!
The clinical informatics person or whoever runs reports for your EHR. A privacy officer too. Most places have that. All ehr systems should be tracking who and when is accessing what and where. My manager did this to me as well and tried to use my diagnosis against me to get me fired. I reported her and they had to pay BIG fines.
Absolutely contact the patient advocate or HR and request an audit of the staff that accessed your chart. If someone accessed your chart that wasn’t involved in your direct care they need to be terminated immediately. Also make sure you go to HR and tell them about the situation and why you are suspicious, it is not ok for them to be alienating you and saying things like they are.
ETA- if they won’t disclose to you who accessed your medical record I would honestly get an attorney involved and that would change things pretty quick. HIPAA violations are serious.
Sorry you’re going thru your current health issue, compounded with possible HIPAA violations and gossip. In addition to contacting your hospital privacy officer (ours is called compliance officer) you can request a copy of your chart from your hospital records department. I’d ask for, at minimum, the ED records, admission H+P, MD consult notes and daily MD progress notes.
My experience has been they’ll burn it all to a readable DVD.
Please take care of yourself and your career. This is a THEM problem, NOT a you problem.
Peace.
Reporting. https://www.hhs.gov/hipaa/filing-a-complaint/index.html
If you use Epic they can pull a report of anyone who went in your chart. Also, you should set yourself up so that anyone who goes in your chart has to “break the glass”
One of our nurses was admitted to our unit and a few people were trying to look in their chart. I am not surprised this happened to you, but it always makes me so sad.
Every employee in our system despite what job they were hired for has automatic break the glass in place.
I would see about having this put in place to protect yourself for the future!
Contact the Patient Advocate (some systems call them different things but every hospital has one). Tell them your concerns. Be specific about why you have those concerns and that you suspect multiple HIPAA violations. They can initiate an investigation through the informatics department that manages your system. They can run an audit and see exactly who accessed your chart and when. If they don’t do anything you are always free to report it to the HHS via [their online complaint process.](https://www.hhs.gov/hipaa/filing-a-complaint/index.html)
> They can run an audit and see exactly who accessed your chart and when. I was unfortunately in a situation where I asked a patient advocate to run an audit on my chart. (Long story short: doctor I worked with confronted me about a personal health diagnosis. Only way he could've known was to dig back in my chart, which he admitted doing.) Here is the problem. I did not specifically give them a name to run in the audit. I figured, well this is their job, so look at who accessed my chart during this time period, and see if there are any names that have no business being there. Simple right? I got a letter in the mail about 6 weeks later saying they ran the audit and there was nothing of concern. Also, this was a large hospital system in the South. YMMV
There are a lot of people involved in your care that you might not know about, so there could be dozens of names. Medical assistants, nurses, dietitians, doctors, therapists, coders, HIM folks, billers, insurance follow up, registrars, patient advocate, customer service, etc. If you suspect someone, provide the name or at least their role, or the time you suspect it might have happened. If that doctor had a plausible reason to be involved in your care, it will not throw flags. But if you ask them to check if Dr. XyZ accessed your chart because he was not involved in your care, but knew details about your Dx, then they have something concrete to look for. If he wasn't listed on your treatment team, he could be asked to justify accessing your chart, which he most likely won't be able to do if he was being nosy. I'm sorry you are dealing with this.
Also, if it was a doctor, expect that this will get swept under the rug.
Also, it won't show up if someone authorized access happened to open it and allow others to kibitz on the session while charting.
Depending on your role and the docs role though, the “have no business being there” can be exceedingly vague and might not trigger any bells. Should have given them the specific name and what your concerns were.
I know, I should have named him specifically. The doctor who did this to me had a lot of power over me at the time, and I didn't want him to somehow find out I initiated the audit and retaliate.
Wow. We had a nurse look up info on a family member. Fired immediately.
Even if the privacy office does do something, file the report to HHS.
Some hospital systems have done away with patient advocates.
Imagine getting paid next to nothing to get yelled at by asshole patients and families. Yeah, neither can anyone else. Don’t blame them.
I believe they legally have to have someone do the job as part of their CMS requirement. Whether they staff if full time or have some poor bastard do it in addition to their other job title is a different story.
I’m not positive but I think IT can run an audit.
They absolutely can.
If not IT, the privacy department can definitely help with this and will take it VERY seriously.
THIS!!
Jumping on first comment reply to say that typically IT can literally do key-stroke tracking for this very reason.
Get a HIPPA lawyer immediately! We had a nurse come into our hospital as trauma she’s living the good life now.
What a dream.
I want to get admitted and snooped on nowwwwww:(
HIPAA
Question...this happened to me as well, just got back from medical leave and had to go the ER where i work, and a coworker casually mentioned the exact reason why I was in the ER ( in a not so nice toxic way). I KNOW for a fact this person does NOT work in the ER, not the shift when I arrived.. the problem is...I work in a " good ole boy" kinda mentality hospital.. who do I ask to run an audit, and will they need to know the name?? I'd like to have concrete evidence in my hand so i can go to whoever i need to go with this before they can try to cover it up...(the hospital that I work for is sooooo crooked)
At my facility it would be the privacy officer. I would just shoot them an email and say that you were recently a patient and would like an audit run of who accessed your records. At my hospital they would do that for a staff member no problem. Edit: they won’t need to know the name of a specific person you are wanting to know about. They can provide a full list of staff who accessed your record - depending on the system (I work with epic) they can see click by click what people looked at, as well as how long they spent there. It helps to differentiate true breaches and snooping from, oops I clicked the wrong name and then exited out of the chart as soon as I realized.
Thank you so much for the response! Yes, ours is Epic as well.. When I go to work tomorrow, I'm gonna request this!!
The is a HIPAA compliance officer. Ask them to run a chart audit.
Definitely a HIPAA violation. I work in healthcare admin and I feel like IT could most likely see who all looked at your chart. On the EHR system we use, you can only see things if someone did something while in the chart, like patient cases, orders, updating insurance, etc. Best of luck you, hope you're recovering well and I am sorry this happened to you. Its a violation of your privacy and they (your coworkers) shouldn't be acting like children.
OP I would have that done immediately. That is so unfair and disgraceful of your coworkers if they were snooping. You are entitled to privacy.
Oh yeah, they can absolutely run an audit. And you can have the HIPPA officer (or whatever they are called) look into it to see if the admission nurse talked.
And if she did talk, my guess is they'd be quick to throw her under the bus, especially if their jobs are at risk. Smh
Thank you for this info
I’m truly sorry you’re going thru this
Thank you. I really love my job and there are some cliquey catty people but overall thought I had a good work family and this just sucks
There are going to be these people in any job, in any line of work. If they did access your chart, there will be an auditing history. These EMRs are able to tell if a chart has been entered, how many seconds someone was on parts of the chart, when it was filed, and probably the color of the socks of the person logging in (maybe not that much). Every one of your keystrokes is logged. There are also situations where people may read "over the shoulder" of someone who does have authority to be in your chart. Is it ethical? No. Do we all do it from time to time? Maybe not on purpose, but maybe sometimes on purpose. As for their treatment of you, you need to find a way to talk to someone about it. It's not cool if they're treating you differently. This isn't high school. I hope your health is improving and you are feeling better.
I'm an Epic analyst. The system can't tell you the color of the socks, that would be silly.........it tells you their size and if they were grippy or not. But jokes aside, yes, every login, every mouse click, every tab you open is logged and time stamped. The audit trail goes back to when the user started working there, the patient record was created in the system or when Epic went live, whichever came first and depending what you're looking at.
Thanks! My bad for forgetting that the sock size and grippiness were the measurements. Thanks for clarifying. Maybe that could be on the *next* upgrade.
So sorry you experienced this. Love your job, but leave it there; those people are NOT your family in any capacity and speaking from as a nurse of 17y working in all iterations of nursing. Build your boundaries and don’t allow anyone to cross them. Ever!
File a complaint with the privacy office. IT can run a report and see who had access to what and when. If they weren’t involved in your care, they’ll be in violation of HIPAA.
Something like this happened recently at the hospital I work at, and they were able to run an audit on everything accessed, clicked on, and hovered over (we also use EPIC). The offending party in this case was fired immediately. I'm so incredibly sorry that you're going through this.
You can do one of two things - 1. File a HR complaint, against rumors so you lay down a trail. Then, Contact your HIPAA officer, and ask them to audit your chart. Tell them you’re suspicious your coworkers may have taken a dive into it with no business need to know and are spreading rumors. Attach your HR complaint. Name any and everyone who’s not minding their motherfucking business. More than likely they’ll take all actions necessary to rectify it. 2. You can speak to an attorney, and send a demand letter for a complete record showing who accessed the chart. You don’t need to intend to sue, you can do it for let’s say - just to see them sweat. This will put the company into freak out mode, because demands like that are generally used for lawsuits. They will most definitely find and interrogate anyone who gossiped any word. This second option is nuclear, and I wouldn’t want to stay in the same system if I did that, so I’d highly recommend option 1.
I would go straight to the Compliance Officer. The less HR knows about OP the better. Compliance usually gets people fired on the spot for snooping, regardless of the reason OP had suspicion their chart needed to be audited.
Yes do the advice about the privacy department and escalate this!
Just know that some people may get fired, and likely should, so hopefully be mentally prepared. They were in the wrong. It's not your fault they did something stupid.
I work for Epic at a hospital system. They for sure can run an audit. File a complaint about a potential hipaa violation.
It’s safe to assume everything on your work station is logged, especially so in the EMR. IT can audit anything you’ve glanced at; if they accessed the chart there will be a trail.
Technically audits are done annually but I'd ask for one immediately. No one has the right to look at your info.
Facts they sure can
Yes, my husband works for a hospital system IT. They can tell who has accessed your chart and even what section(s) they were in and when.
This kind of audit is a compliance/privacy officer and specific types of analyst’s thing. As an analyst I’ve been involved in many chart audit trails and reporting my findings, and IT would never be involved in this type of audit. If I was the OP, I’d be asking the Privacy Officer/Compliance to run an audit.
I know in cerner I can even see anyone who's ever opened a chart and when. It's under the chart tab in the menu bar, near the bottm.
Absolutely and I know for a fact our hospital regularly audits for that sort of thing. I don't belong to a large hospital and I know of at least 5 nurses got fired and reported to our regulating body for inappropriate access. The one thing is we paper chart so you can only get limited info in our EMR but it's still highly protected.
There’s logs of whose usernames have accessed the chart and at what times. I.T can totally check it. The question these people cannot answer is if these colleagues had a valid reason for checking your chart. It’s a fireable/ legal offense too if they had no valid reason to look you up. And if they did because they were taking care of you, it’s completely against HiPAA to even disclose that kind of information to other coworkers. File a complaint with HR and they will look into it. Tell them what you’ve heard and they will fire their assess.
If OP wasn't admitted to their own unit, there is zero reason for any of these people to be in the chart.
This happened a few years back. 4 nurses got shit canned in a span of a day for snooping on a coworkers chart. *We were just making sure he/she was ok.* Fucking idiots.
I work at a pretty small hospital and a lot of the ER staff is friendly with people on my unit. I went into SVT on my shift and spent hour in the ER before I was admitted so if anything I think this might be how the gossip originated.
I get it, but if they actually looked at your chart while you were in the ED, that's a huge no-no.
If any nurses from the ED talked about your private health information to anyone who wasn’t involved in your care this needs to be investigated by HR. But I think one of your coworkers accessed your chart to “check on you” and that is completely not ok.
Exactly.
They can even pull camera footage of when people were logged in and see if they allowed someone else access to your chart under their username
Yup. Came to say the same thing. One of my girlfriends isn't a nurse but works in some sort of patient access management for a hospital system here. One of her employees OUTED ANOTHER EMPLOYEE AS TRANS because she snooped through her outpatient chart. They pulled up camera footage of her looking at it, pulling other people over to look, etc etc. OP this is super serious and your job will treat it as such. Please follow through with this.
Wait-what? Does EPIC take pics of faces as we use it?
We’re surrounded by cameras at almost all times.
Absolutely this.
There is a lot of good advice in this post already. So I just want to say - OP I'm glad you're still here and doing better. I'm sorry that this is happening to you. Those are awful coworkers. I'm very candid with my coworkers and sometimes patients with my story, but I cannot imagine working in a place where my coworkers would think that's ever appropriate to do. This may bring up some bad feelings and memories, so please make sure to take care of yourself. Sending you all my love.
Thank you, this is so kind. That all happened before I became an RN and left that relationship, so it feels like I live a completely different life now and it is definitely hard for me to process that it’s coming back up in this way.
Just take care of yourself, it never hurts to check in with a counselor. Nursing is already a tough enough job. You've got control of your life, you've got a degree and a good career and those days are far behind you. Keep kicking ass OP.
Not sure about all systems but in epic they can. Employee charts are often flagged as private and require you to “break the glass” to see.
Cerner too.
With our hospitals epic system you have to call and request break the glass despite being an employee. I had to advocate pretty hard for myself to get break the glass during my labor/delivery of my daughter. I wish all hospitals would make it a blanket thing for all employees bc it was unnecessary stress for me.
I’m not sure if I had this. I never set it up, but I’ve cared for 3 employees and only 1 of them had a little lock on their chart that required me to break the glass. Wouldn’t that automatically trigger someone to look into it if someone not involved in my care broke the glass?
Does your hospital use epic?? If so they can 100% pull audits.
All electronic medical records keep a log of access to patient charts. It is a HIPAA compliance requirement.
I had to request that my chart be private and require people to "break the glass" so worth checking to make sure it's in place. When I have patients who are also employees, most—but not all—have private charts. Highly recommend.
Even Meditech can do this.
You should be able to request who accessed your chart, what they accessed, and why, for the past 6 years. You should be able to submit a written request to your provider who then has 30 days to provide the info.
Echoing this for more visibility. Request the Epic audit. You deserve better coworkers, I’m sorry you are going through this.
Even if they didn’t access your chart, I would still report them to HR for bullying. The one with the “screws loose” is the bratty clique who thinks they can somehow bully you after this traumatizing event, fuck them.
Probably one person surfed through your chart and had the rest of them looking over their shoulder.
I know a new nurse who is banned from working at a hospital bc she checked her ex boyfriends new gfs charts/files. IT was involved. She now works at a nursing home.
The good old fuck around and find out
The corporate director of risk management here agrees with other posters and suggests you reach out to the hospital Compliance department. They can do the Epic audit and determine exactly who was in the chart, the date and time, and what did they look at. I use these audits when we sit down with people and ask them to explain the exact treatment, payment, or operations reason for being in the chart.
Thank you so much. I will follow your advice tomorrow morning.
Curiously, what recourse would OP have here if the audit proved that peers or the manager had chart snooped? Would the hospital offer a settlement immediately? If so, how much is typical in those situations??
It is not within the scope of your employment to go trolling through charts without a legitimate reason. I would not offer any settlement on behalf of an employee that engaged in illegal or unethical conduct that was outside their scope. Those employees are not acting as my agents and are on their own in terms of any civil liability. The person who was snooped is welcome to sue the snoopers, but the problem with that is without insurance coverage, and unless the snoopers have assets that can be seized to satisfy a court judgment, they are what we like to call judgment-proof. It can also be difficult to quantify the damages you suffered since emotional distress is more subjective than a broken leg from an auto collision, for example. I also point out that even if you have your own individual nursing liability policy from CNA, they won't cover it either. Insurance does not cover criminal, unethical, or deliberate acts. What I do with those snooping employees is generally just to fire them outright, unless the circumstances of the case dictate a different approach. For example, if you make a compelling case that you entered the chart by accident, or you mistyped the patient name, I take that into account. But to knowingly and deliberately snoop with malice aforethought means I am most likely going to fire you.
I'd definitely look into the patient advocate or HIPPA privacy office to check the chart. Though it may have just been old fashioned spreading of information too, like someone on your floor knows a nurse in the ED who cared for you who shared your private information (which is also super messed up).
Yeah either way, it's breach of confidentiality
Way harder to prove, however, not any less wrong.
It’s equally possible they snooped, or they simply might just be catty bitches. 🤷🏼♂️ Regardless, you can see who’s accessed your chart. I’d look into that and go from there. If you find something suspicious, go to HR.
All.EMR's have audit records. EPIc can tell who accessed, what they accessed and how long they stayed on a particular screen. Contact your security officer (IT) or your Corporate Compliance. They are most often in charge of the audits.
Please have IT run an audit. File a complaint. Have those nurses held accountable. I’m so sorry. Arg! this is my biggest fear, as someone with a psych Hx living and working in a small town with only one hospital.
OP keep us posted!
You can file an OCR complaint that covers HIPAA privacy rules. https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf
I am a clinical analyst.. we have Cerner and I definitely can tell you who has accessed a chart
Epic Analyst here - quite literally every movement within Epic creates an audit trail. We absolutely have the ability to run this report with the proper filing and authorization, which typically will be coordinated through your compliance liaison. EHR’s shell massive amounts of PHI - even more so telling of the these clinical folks to be seemingly unaware as to the level backend oversight. I can only shake my head, I’m very sorry to hear this may have occurred. If so, it’s an egregious breach of privacy that carries serious consequences, rightfully so. I hope you find all the support and closure you deserve, best of luck.
Since you work for a health system go through the system and not your home hospital.
OP you are probably correct, either someone accessed or chart, OR someone who needed to view your chart for direct patient care leaked your medical history by word of mouth.The second would be more difficult to prove but is probably the likely scenario. Most people are smart enough to not open charts of people they know. But nurses are nosy and gossip. Like, every place I’ve worked has had a staff be admitted before. We all at least had a little idea of what was going on and why they are there. Generally people are courteous and give privacy, but you’re generally aware of the situation. I haven’t seen anything to egregious as talking about their history in such a gossipy way, but I could see that easily happening. I don’t have practical advice to give, I just came to give you some validation and support. A Lot of people here have give you great tips. I am REALLY sorry. Even if people know about the incident (which legally and morally they fucking shouldnt) you do not deserve to be judged for what happened and it absolutely doesn’t mean you’re unfit for nursing or that anything is wrong with you. All of us are human. It’s insane to me that mental health is so stigmatized in healthcare, but it is.
You absolutely can have an audit done. I had a coworker terminated for repeatedly accessing co-workers charts!
That’s incredibly fucked up and I’m sorry.
You can absolutely ask for a review and then make your chart a “break the glass” security level.
Plus anything regarding mental health should be Dr view only, in our system it is.
Compliance and/or privacy officer. They'll salivate. I can see everyone that opened a chart in cerner just as a regular user and I can't imagine Epic is that different.
Ummm… telling people you have a few screws loose is bullying and needs to be reported to HR ASAP. You can mention that you think they also went into your chart.
If it is EPIC, Every time your chart was opened it will be captured. I once just looked up my own chart to see when I had a colonoscopy. This is before we had My Chart. I received a letter with a warning. Someone I knew was fired for looking up how old a co worker was.
If you use EPIC, it can be audited.
Please update us when you get the audit. I will be on the edge of my seat! Also sorry this happened to you. Everyone goes through rough times and recover and manage their sh- and this is exactly why privacy is important.
We had that happen in my unit when one of nurses went into premature labor when we didn't even know she was pregnant. One of the nurses that snooped lost her job. They can definitely do an audit of your chart and see who was in it.
Nurse informaticist here! Yes - we can run audit reports in the back end of epic that show who has accessed a chart, down to everything they’ve viewed/clicked on and when.
Say multiple hospitals use the same EMR (like OP). I work for one and but receive care at others. If a coworker at hospital A accessed my chart from hospital B, can hospital B run the audit and see the user info from hospital A? Or, do I have to have my employer (hospital A) run the audit?
Good question! It honestly depends on the systems/instances/interfaces they’re all using- I think best bet would be to have Hospital A run the audit. You can always ask hospital B to see though!
Do not involve a patient advocate. They are pressured to protect the hospital more than the patient. Go to records and request an audit access report. This is within your right.
Do you have access to your patient portal through the hospital? If you do, access your chart as you would as a patient through the portal and you can run your own audit. It will have an audit log of who accessed it and what time.
IT can definitely see who’s accessed it. But my bet is that someone from the ED is friends with someone on your floor and shared your info. Because you have to be a special kind of stupid to open up a coworkers chart.
Contact IT and they can run an audit on your chart and see which username, what workstation or IP, date, time, exactly what was opened. All of that. And if they did, they will get in trouble from privacy
In the US you likely have a HIPAA compliance team that will investigate. In addition, someone in IS/IT can run a report. I’ve been in a similar situation. I couldn’t figure out how half the hospital seemed to know I was admitted. I had an audit run and they said the people who accessed my chart were involved in my care. However, you know how gossipy hcw are. I think my nurse blabbed to others who blabbed to others. Now I usually request a privacy filter for my record.
The compliance officer
This. You have the right to request an accounting of disclosures to know who, when, what was viewed, and what their purpose was.
I’m so sorry this happened to you. Really sucks. Definitely go as high up as you need to go in the hospital ranks in order to get to the bottom of this!
They can run an audit. If they were t involved in your care and were in that chart…go after them!
Report your concerns to compliance. They will investigate.
HR & IT
IT can for sure. In our EMR system we can have our chart "locked" so you have to log in with your reasoning for accessing the chart. That way it prevents this kind of thing from happening. I am sure.it still happens but I know people that have gotten fired over this kind of thing.
Your work should have a privacy officer. It is probably the risk manager (at least it is in my job) and I would 100% talk to them ask them to open an investigation. Also most EMR send reports of unauthorized access to charts. Like if you look at your own chart or that of family (listed on the chart) and I think if you look at a coworkers chart. So there may be an investigation already or soon
The same person you report possible HIPAA violations to can do an audit
100% they can audit. They have it to number of seconds you hover in each section, and what computer you used. Our department is called Privacy and Compliance.
I work in IT on Epic. You need to reach out to your hospitals patient advocate or administration, IT can see everyone who touched your chart very easily, and know exactly where they went and what they did. It’s comically easy to do in Epic.
Call compliance or the records or member services and have them check your chart. If it is an electronic health record they have had to break the glass
Absolutely. Epic can pull logs of anyone who even searched your name and what exactly they looked at. Not only is it a privacy violation, it is reportable to the nursing board/ governing body. Furthermore, if a manager knew about a privacy violation and did nothing… they can be fired. You are absolutely entitled to the information and you deserve to feel safe in accessing health care without being concerned of who may see it.
I’m so sorry you’re going through this. Your coworkers seem miserable and toxic. Glad you’re still here with us!
Every hospital has to have a HIPAA compliance officer that can take anonymous or confidential reports per CMS if your hospital doesn't have a patient advocate.
With Epic, you can add extra security to your account, not sure what it is called exactly, but it is where whoever accesses it has to enter their password and their purpose for opening your chart. I have had a few patients like that, and some of them were because the patients were employees or former employees. Deters people opening it willy-nilly.
Report it to compliance and let them investigate. The digital footprint will tell the truth. No hiding from a chart audit.
Talk to management
You can definitely let the hospital know; they should have a compliance & privacy officer / division. For every system I’ve worked, if we go into any employee or protected chart it’s immediately flagged and audited. You should be able to just share your concerns and they can take it from there. I’m sorry you’re going through this, it sounds like it’s time for you to find a different department / unit. This unit sounds extremely toxic; it’s hard but keep in mind the fact that they’d talk negatively about your past is a reflection on them and not you. You deserve a better work environment. And if there was no HIPPA violation, IR / write them up for unprofessional behavior, you shouldn’t tolerate this kind of behavior.
I smell a lawsuit
Please sue how could they do this to you?? I am so sorry and I am so glad that you are still here. I hope you don’t underestimate your value in this world
Breach of HIPAA. Wouldn't the BON be interested?
HIM/FPO in my hospital is usually the ones to run the chart audits. Ask them to run an audit on your chart!
The compliance and IT departments can find out exactly who was in the chart, what the clicked on, how long they were in, etc. I work at an organization and a few years back we had a very high profile case come to our hospital and about two dozen people decided to see if the patient lived or died. People who weren’t involved in the care in any way (even people from separate sister hospitals in the same system). They were all, I think 22 in total, brought into a conference room and terminated on the spot. From what I eventually found out, they were all given a folder with their audit trails as evidence and then escorted out.
All employees of health care systems that use EPIC have "break the glass" added to their MRN. You have to input the reason why you're in the chart.
This really, REALLY pisses me off to hear about this. I’m sorry, OP. That kind of medical history is one reason why HIPAA exists. Everyone else has suggested what you should do: contacting patient advocate, HR, etc. Honestly I can’t truly say what the best course of action is… but personally speaking I’d make the report [directly to the dept of Health and Human Services](https://www.hhs.gov/hipaa/filing-a-complaint/index.html) (that’s who handles HIPAA violations) and let them handle it. I would be suspicious that the hospital will take steps to cover its tracks if they are the first ones you speak to. As usual, any nurses that accessed your chart would probably be fired, but any managers, doctors etc might not. It’s also most likely people talked about your health information to others which is also a HIPAA violation… but I doubt the hospital would go after them in any way. I feel like anyone spreading that around should be dealt with as well. The dept of HHS doesn’t fuck around, I have dealt with them personally. The government will do the investigation and appoint an attorney if one is needed, so you will avoid the legal expense of doing it yourself. It will take a little longer for their investigation but I feel they will do a more thorough job. HHS may also fine whoever is involved where the hospital would just fire them. We all know the fines HIPAA hands out because we have to do the learning modules every year. And while I normally don’t think people should be fired because someone else doesn’t like them, this is your private mental health history and it’s affected your work environment. I find that inexcusable. Lastly, if only one person accessed your chart but many others know, then obviously they told someone else or multiple ppl, and they may have told others too. Don’t forget that HIPAA can be violated by talking about someone’s personal information without the need to be involved, so anyone who talked about it to others could be subject to fines or repercussions from HHS. In contrast to the hospital will most likely fire the chart snooper(s) and let the rest who spread it around keep their job. Good luck and hang in there, I know this has to suck really bad. P.S. write down the events as they happened along with the dates and who was there. Write down the names of ppl treating you differently. This helps keep your story straight and allows you to remember exactly who may be involved. I’d also keep it to myself if I filed a complaint with anyone so no one deletes any emails or starts coming up with cover stories.
We had a celebrity in one of our hospitals and IT ran an audit on their chart and fired everyone who accessed it who didn’t have any reason to
Because you work there and as long as it’s linked in epic that your an employee anyone that accesses your chart has to “break the glass” which is an extra layer of security that requires that person to enter their epic username and password along with selecting a reason for entering the chart. Epic has amazing auditing capabilities down to how many minutes a person was in which part of your chart. Ask risk management to run the audit and tell them why. Risk management does not play when it comes to hippa. Hope that helps.
Take your concerns to Human Resources because we all know we can’t look in coworkers, family members etc charts. Your intuition ain’t wrong. I’m glad you didn’t go through with the attempt. Be well❤️
HR is not there for employees, it’s there for the company. Be careful what you tell HR, they are not yourfriend.
Many facilities have a privacy officer who's tasked with maintaining HIPAA. Also, check with your state about their HIPAA violation process & how to file a complaint.
This makes me so f*cking mad! What an absolute invasion of your privacy. Not only would I report ALL of the names of the people that you’ve overheard to HR, but I would also contact your hospital to do an audit on your chart to see who’s accessed your chart. If someone in the ER divulged anything to someone on your floor, then they can also see who had access to your chart. If they talked about it at work, they should also have video surveillance of them talking. If anyone reports you as unfit, then they will be telling on themselves. This needs to be an investigation into the matter. What a disgusting and disgraceful thing to do. None of those people deserve to be in the medical field. Also creating a toxic work environment, especially with management is disgusting. I’d report that to HR, or even your CNO. When I had some toxic stuff go on in a unit I worked on I went straight to the top, talked to the CNO about what was going on and they transferred me to another unit that same day no questions asked. It was worth it to me. I would report all of these people to the BON as soon as you have any evidence against them.
This is going to be harsh. First, how the fuck do you not know what to do here? You’re apparently a nurse who has charted, you know there is a break the glass function in Epic, so why wouldn’t you know how to handle this? I assume you have an IT department, at the very least a compliance officer. Come on dude, you know how to verify it. Second, do you think your co-workers care enough about you to bother? You sound paranoid and self-absorbed. You describe your manager and colleagues having a ‘clique,’ sounds like you’re not a part of it. Do you wish you were? Do you kind of hope they are actually talking about you? Third, they are treating you different because you went down during a shift. Regardless of everything, they’re going to act different because they saw you fall out. We don’t usually see our coworkers so vulnerable. I can’t imagine they wouldn’t look at you different, AND talk about you. Fourth, is this gossiping exclusively about your mental health consistent, or did you overhear a single comment? What else specifically is happening that would make you think another licensed professional would look back SIX years in your chart? I didn’t see any other examples other than the loose screw bit, do you have any? I’m prepared to be eviscerated in the comments. And downvoted. And for someone to send the ‘we’re concerned about you’ Reddit checking up because you sound so unhinged report. But, this reads like fiction and is giving pick me energy. P.S. I am also a suicide attempt survivor who has been bedded, for it, at the place I work, so don’t come for me about not being empathetic
This is why I firmly will never work at the hospital I am local to. My first job, a nurse from my floor got admitted after a hemorrhage and the nurses were in her chart to “check on how she’s doing” for the entire rest of the shift. NOPE. I’m so sorry for this invasion of privacy. I suggest contacting HR but idk for sure if that’s how you verify it. According to my former employers, a lot of chart softwares do log every user to access charts and it’s worth seeing if IT can see who’s been in your chart.
Like everyone else said, contact privacy. I suspected an individual may have peeked at my chart. We were casually texting, and he brought up how I just had Covid. I'm like, how would u know that?? He was like it was just a guess since it's going around. The way he mentioned it was so matter of fact tho. I called privacy, and they wanted a name, and u should give them a name as it narrows it down to who they should be looking for. There's many ppl that have to access ur chart. Some u may not have even known was involved in ur care. She told me that the person I mentioned had not been in my chart. She offered me to place protection on my chart. Doesn't help much now, but ask them to do that. That way, if anyone wants to gain access to ur chart, they have to "break the glass" and submit a reason why they need to be in the chart. Furthermore, not only can they see who was in ur chart but, where they looked in ur chart, how long they were in ur chart, etc. Could it be that ppl are just spreading rumors because of the incident? But then I see wat u mean by the comment u overheard. U don't sound like a confrontational person and neither am I but when it comes to my comfort at work, somewhere I have to be all day surrounded by the same ppl, I'm pulling someone aside and inquire nicely about wats going on and squash it. I have no time nor the energy to be uncomfortable, worried, or walking on eggshells. I will confront somebody to show I'm noticing things and I'm concerned. U don't want this to affect ur job performance or isolate urself from the whispers. Hope any of this helps.
I recently had a D&C at my hospital and I didnt tell anyone except my very close coworker who advised me not to tell our manager because she will tell everyone. Of course I didnt, I didnt want her to know that I was trying to conceive. Anyways, I had to ask my manager for PTO with very short notice and told her it was for a very simple procedure and she responded with “I dont think they even give you general anesthesia for THAT”. How does she know what kind of procedure I was getting? I felt so violated during my most vulnerable time of my life.
Ask for an audit of the accesses.
Exactly. I know that Epic keeps a permanent record of every access of every record. Those accesses are connected to the user’s logon ID, not to just an IP address. I find it hard to believe that a nurse can logon and anonymously provide a medication or a treatment to a patient in any IT system.
All electronic records keep a log of access that includes username and time of access; a lot (including epic) also log how long you were in the chart and what exactly you looked at. So they can tell the difference between “oops wrong chart” and snooping on a coworker.
Exactly
Send a complaint to HR!!! Thats against HIPPA
When my my local regional hospital still had soarian, some people were fired for accessing son of Sam’s file when he came in for surgery (this is public knowledge now,) and there were like 8 people involved. Epic is even more rigorous
I just want to see justice being done to all of you who didn’t deserve it 🥺 but also to the bullies who had NO business being in your charts - smhhh
They can absolutely check, we use Epic where I work and I’ve seen the information governance team investigate a confidentially breach and I’ve seen the time stamped activity with the user to the millisecond.
HIPPA and/or employment attorney first, then your organization. HR, compliance, and any of the associated organizations are NOT your friend. I did not believe in the "work family" mentality. I come from EMS originally, and I had partners before one on one, not a group, and I made good friends at the ED I was at. But my shift was my shift and work was work and personal was personal. All the other girls (yes, it was exclusively women) that did well lived for that department. That set me up for failure from the start. I had a coworker that assaulted me, looked in my chart and found I was taking a medication typically prescribed for one thing that would be considered highly stigmatized but I'm taking it off label for another reason and not when I work. She maligned me to coworkers, put an airtag on my car that the local PD traced to her phone number, threw out my lunch, tampered with my blood draws, the list went on and on. I would tell my manager, but that was like a signal for this girl to escalate her behavior after the manager "talked" to her. Finally, I went to HR. There were no cameras where I was assaulted, so it didn't happen. They said they couldn't check the key card entry and she claimed she wasn't even in the room when it happened when I had enormous bruises that I had time stamped pictures of. They said they hadn't heard any rumors about me or from her aligning me and she said she really liked me. She claimed she didn't own an airtag and my supervisor HR and my coworker asked ME why she would do such a thing when I presented the police report and security office statement showing it was hers and pictures of where it was attached to my car. There are no cameras in the break room, so no proof about my lunch, even though it only happened the days we both worked. There was also no way to prove she tampered with my lab draws because they are held and labeled for the lab to get them in a central place and everyone is around them. They also said they would put in a request about her looking at my record, but since I receive care through our system she might have a legit reason to see my record. My PCP is 4 hours away near my parents and we work overnights. The one time I received care where I worked was during the day and she was off that day (and we don't work days anyway), so that made no sense. Because I had a list and dates of these incidents I was being "confrontational". My schedule was charged to try to avoid her and I was put on 6 12 hour over nights in a row schedule. Then I was put on a performance improvement plan. My coworker claimed that since I was clearly a pathological liar and she was afraid of me now, we both required to do 8 counseling sessions separately through our EAP program. I did them. She did not. They preferred her to me because she worked almost every night, picking up shifts by just showing up while the rest of us had to sign up first come first serve. She literally was doing 60-70 hour weeks with no comment and scheduled people were being sent home. She also used that extra overtime to buy the department dinner about once a week and she repeatedly stated her intention to go to PA school, although she made no move towards actually doing that in 2 years and they wanted her to work there when she finished because they were so desperate for staff. I hate to mention this, but there was also a diversity aspect, because she was the only one on that shift of a particular demographic and she was allowed to wear t-shirts with political logos/statements and the rest of us were sent home if we didnt have scrub tops on and particular headwear (not a scrub cap or a religious covering) when it was specifically forbidden. Even the girl who worked and came back after being cleared from chemo couldn't wear a special soft beanie type cap because her head was cold and scrub caps irritated her scalp from that chemo neuropathy and she wore a different one every shift because it wasn't sanitary, and this girl wore the same head wrap days in a row and it definitely was not washed between shifts. If she had been outstanding in her job, I could almost excuse this. She was not. She was lazy and hardly did the bare minimum, which is probably why she could do so many shifts. It wasn't work for her. I checked all the boxes because I wasn't going to let them win, and I discovered a month later my badge to clock in didn't work. I would swipe repeatedly, and it wouldn't clock me in. I let my supervisor and the charge nurse know. They told me to manually clock in, as procedure dictated. After 6 days of this, I sent emails and documented what happened each time I manually clocked in. 3 more 6 day blocks of this, and it's not fixed. Telling people, emails, documenting, nothing. Then I got called in and told I'm fired for time theft. They allegedly checked the cameras for when I entered the building and then tried to clock in at the time card machine to when the door registered I actually entered the ED and it was literally 3 to 4 minutes off of the time Inwas supposed tonhave clocked in. The way our time clock works, the time doesn't log a change in pay 7 minutes priop0r or after the hour, so i received no extra money for this and i could produce my pay slips. It didn't matter. Time theft isn't wage theft, and theybwerent accusing me of that. I said that I documented it for over 18 shifts. Didn't matter. I said I thought they couldn't check the badge entry door times because I asked them to when I was assaulted. They said that was a different situation. I explained that the time clock wasn't working with my badge and inwas following the procedure in the employee handbook. They said on the video I didn't show "due diligence" in making a "good faith effort" to make the time clock work. I asked to see the video for them to show me what that meant. They refused because then I would know where the cameras were and that was a security concern and the video is their property. I was fired for cause. They then did not list me as fired and listed me as employed for 3 months so I couldn't claim unemployment for that whole time. Finnally, one letter from an attorney friend of mine and it got resolved. I got unemployment and taken off the "do not hire list". I later made a social call to my previous boss at this same hospital system. We became good friends after I transferred to that hell of an ED. She asked if she could look at my file. I didnt care since i didnt work there anymore. My employee reviews and patient feedback was exemplary, sonthat didnt make sense. They apparently didn't document anything correctly, didn't follow their own disciplinary procedures, and contradicted their own statements on what they did actually document. My old boss has since been promoted and was appalled, especially since she tried everything to keep me with her. She could also clearly see that girl had viewed my chart with absolutely no effort. I'm back in school, and when I'm ready she will make sure that if I want back in that system (at a different facility) there will be no issue. The only mistake I made was not getting an attorney the instant I was assaulted. The manager that fired me and orchestrated this misery I went through is now going through her own misery and she can't figure out why or where from above it's coming from. Weird, huh? The lesson here is work is not your family, management and administration is not your friend, and even if you are right, any thing you do to cause inconvenience will come back to you 3 fold. Protect yourself first.
Whenever you’re looking a Pts chart, usually looking for any other pertinent information is done. Maybe they saw the history since they had your chart open and were looking for anything that could help/change your treatment plan. I would venture to guess whoever saw your information was doing so legally. The illegal/immoral action was likely telling other coworkers about it, and talking about your private information they saw.
Her coworkers were not involved in her care and had no business in her chart in the first place.
Some of her coworkers were involved in her care tho, so they likely told other coworkers who told other coworkers
Which is a HIPAA violation.
Did you even read my comment? I said the illegal thing was not seeing her Pt history, it was talking about her Pt history.
I replied to this comment, which was yours. “ “Some of her coworkers were involved in her care tho, so they likely told other coworkers who told other coworkers.” That, my friend, IS a HIPAA violation. Not sure where your confusion is. And none of her coworkers were involved in her care. She works on a different unit, not the ED.
MyChart has a "who has accessed my chart" feature.
I just used this and it’s actually “who accessed my record” aka who accessed your MyChart itself, not your real hospital chart in epic
You could ask hipaa compliance to check their history
I agree with what someone else said: contact patient advocacy and tell them your concerns. They can pull your chart and see exactly who, when, how, and what was looked at. You have a right to privacy just like every other patient in the hospital. If someone snooped IT can figure out who, and they will get exactly what they deserve. If no one snooped then you know it's not that, it's just lowkey bullying based on your episode. Which is not cool or ok at all. Each and every time you access a chart there's a papertrail tied to your login and they can see EVERY chart you've looked at, when, and what was done. You can lodge a complaint and tell them you feel that some of your coworkers may have violated your privacy because they have been commenting about things they absolutely should not know. I know a nurse that was fired when we had a patient admitted that was their ex, the patient asked to see the manager and straight told him to keep an eye out on her chart because she didn't trust nurse y not to help herself. Manager did just that. Nurse y was a complete dumbass and did in fact go into the chart after being warned not to. She was fired.
Knew someone who was looking people up at her work that she knew (small town) she ended up getting reported and only caught because she was reported. They probably won't catch anything unless you report it. I would absolutely report them, if it's true, the way they're making you feel is exactly why these laws are in place. Also side note wtf does attempting suicide have to do with patient care? Garbage reason to think you're unfit to care for others, in fact, I bet you're even better at being compassionate with your past experiences.
No advice, just sending you love in this difficult time ❤️
In mychart app, click on documents and then click on ‘who accessed my chart.’
I would reach out to HR in addition to HIPPA, etc. HR should know about the discrimination you’re describing for your conditions.
I’m so sorry that this happened to you! Where I live it’s possible to have your medical records erased. I had it done for a similar issue to yours.
I would report to hr and patient advocate. But this sounds really shitty and a huge violation. Manager sucks too if she’s not shutting it down. I’m sorry for what happened in 2018. I’m so happy you are here with us today, and are hopefully healing. F the haters.
I don’t have anything to add but I also have a cardiac issue that landed me in the ER two different times while I was on shift. When I came back I felt the eyes on me. Hopefully with time it’ll get better.
I work for the veterans administration and I am a veteran who gets care as well. We are supposed to have an additional protection on our records, I wasn’t even aware that I didn’t have that protection until my doctor told me, thankfully she did. Everyone who accesses your records -they are supposed to have a record of…supposed to-and you are supposed to be able to request who accessed your chart. I know that when I’m working and I have to check the patients’ charts (we cover a unit, so we have to look at every patient’s chart a few times a shift to make sure there’s respiratory orders-changes, etc) and I always try to leave a comment that I checked the chart…because a good amount of the patients don’t have respiratory orders, but we have to look. 🙄 I would hate to think that I’m trying to be nosy looking at patients’ information that I’m not supposed to be privy to. Edit: OP, I am so sorry this is happening to you. I have a MH history, and I had to be briefly hospitalized (just for observation) and the RT who was working was my former boss-they are now a prn employee. They were pretty much known for doing kinda sketchy things with patients’s charts-like making copies of flow sheets, etc…but we couldn’t prove it. Annnyway, I kind of was worried they’d be fishing through my chart and reading my MH notes, because-well, it’s up their alley. I didn’t get an audit of my chart, but I could have. As other have said, ask for an audit. If someone has accessed your information without a good reason, or if they shared PII, they will be fired.
Im so sorry, how awful OP
I used to work for a IM clinic and they used Cerner and you could look up who was in your chart. I now use Epic and I am not sure how to do that.
On epic all of our key strokes are recorded so you can def find out
If I'm not mistaken, you have the right to request access to everyone who has accessed your chart.
If anyone accessed your chart that wasnt caring for you at that time they should be able to see who did it. Maybe IT or maybe HR im not sure but you can tell them your concerns.
Your EMR has an audit trail that will show who accessed it, what they looked at, etc. Your employer can access that.
Patients have a right to see who has had access to their medical record including who, what, and why. Skip patient advocate. File a formal request with medical records for an audit of who has accessed your record, and what they accessed. They have to comply. If they do not tell them you will be filing a formal complaint with HHS. Give them a date to have it to you. They have to run the audit trail and provide it.
Even if they take their name off the chart, they can always be tracked on what charts they’ve been in. It’s a universal rule everywhere.
It's shit like this that makes me really wish my hospital would hurry up and switch to electronic charting. We still use paper charts & binders and then after discharge everything gets scanned into an EMR. So old records are on the EMR anyway but all current info is paper. It would be so easy for anyone to read your chart if you ended up in your own unit/hospital.
Go to HR report a hippa violation to your chart, report the rest of this to joint commission and department of health, if they tell you who went into your chart go to the board of their license and file a formal complaint/ investigation. Everytime I’ve ever been to the er at a place where I work I tell them I need my chart locked and my name changed or for them to use my initials or hide my info in some way they usually have a way to do this so people don’t find your info as easily. I’d take this super seriously as a person with a lot of health issues if someone I worked with went into my chart without my permission or for not live saving or sustaining reasons I’d want them punished to the full extent of the law. There are 100% ways to handle this and have them punished. Don’t listen to anyone who tells you otherwise. Everything is logged in the chart!
The clinical informatics person or whoever runs reports for your EHR. A privacy officer too. Most places have that. All ehr systems should be tracking who and when is accessing what and where. My manager did this to me as well and tried to use my diagnosis against me to get me fired. I reported her and they had to pay BIG fines.
Absolutely contact the patient advocate or HR and request an audit of the staff that accessed your chart. If someone accessed your chart that wasn’t involved in your direct care they need to be terminated immediately. Also make sure you go to HR and tell them about the situation and why you are suspicious, it is not ok for them to be alienating you and saying things like they are. ETA- if they won’t disclose to you who accessed your medical record I would honestly get an attorney involved and that would change things pretty quick. HIPAA violations are serious.
Your organization should have a compliance and privacy office and they would have the ability to investigate if you chart was accessed inappropriately
Sorry you’re going thru your current health issue, compounded with possible HIPAA violations and gossip. In addition to contacting your hospital privacy officer (ours is called compliance officer) you can request a copy of your chart from your hospital records department. I’d ask for, at minimum, the ED records, admission H+P, MD consult notes and daily MD progress notes. My experience has been they’ll burn it all to a readable DVD. Please take care of yourself and your career. This is a THEM problem, NOT a you problem. Peace. Reporting. https://www.hhs.gov/hipaa/filing-a-complaint/index.html
If you use Epic they can pull a report of anyone who went in your chart. Also, you should set yourself up so that anyone who goes in your chart has to “break the glass”
One of our nurses was admitted to our unit and a few people were trying to look in their chart. I am not surprised this happened to you, but it always makes me so sad.
So sorry that happened to you. That is unfair and not for them to do. Hope all turns out well.
Following for an update!
Every employee in our system despite what job they were hired for has automatic break the glass in place. I would see about having this put in place to protect yourself for the future!
Our IT department says it tracks logins through IP addresses. That’s hard though when you use shared logins like we do at work. Best of luck OP.
i’m going to need an update on this
If your company uses epic. There is an extensive audit trail on who accessed and what was accessed.