Epic privacy: Inappropriate access will be monitored

​Aug. 21, 2013

With wider access to electronic health records throughout the system, it's important to keep in mind Providence’s policies regarding access and use of patient medical records. To ensure the privacy and confidentiality of patients’ protected health information, Providence closely monitors electronic access to records and investigates suspicious activity for inappropriate access.

Providence employees are required to take regular privacy and security training. That training reinforces the HIPAA privacy and security rules and Providence policies, which prohibit physicians, clinicians and employees from directly accessing the records of family members, co-workers, friends or others without a legitimate business need.
See Providence's system-wide policy.

Providence's policy also prohibits physicians, clinicians and employees from accessing their own health records through Epic or any other electronic health system without following the same process all patients must use.

For many years, Providence has had a robust privacy compliance program. To continue building our program, and ensure that employees are accessing records appropriately, Providence recently implemented a monitoring tool to further safeguard patient and employee privacy. Inappropriate access to patient information and violation of Providence privacy and security policies may result in progressive corrective action up to and including termination.

To learn more about privacy monitoring, contact Theresa Bervell at 425-525-3034.