Auditing of Medical Records (who's looking at my record?)


crazybrancato

Is there a way to audit a record in AHLTA / Essentris, to see which providers have been looking at the record? [I'm asking for a friend......ahhh why lie, I'm in a messy divorce.]

I've been told that an individual's record can be audited, to see which providers have been in that record. But I think this is a facade, I don't think AHLTA or Essentris have that level of sophistication (it can't even track version changes). I've heard of people getting in trouble for snooping around in records, but I think they got caught because they admitted to it, or someone caught them in the act. I don't think there's a real forensic trail, or is there?

 
Talk to your privacy/HIPAA officer. If you have a reasonable concern there is potential for investigation.
 
I have. They say it's a bureaucratic process, no surprise. But I think they're just blowing smoke, I don't think anyone knows the actual buttonology enough, to research who's been in a record. Take CHCS for instance...of course if you order things, your name is tied to it... but if you're just viewing, does it timestamp your presence in the record? I think not, I think it's just a facade.

I have a situation where I think my ex might have been in my record (just viewing it). But I have no electronic proof.

Our EMRs are so terrible, in so many respects, but I think this is a huge security hole (if in fact there's no timestamp, or no forensic way to tell who's been in your record).
 
That's unfortunate. I know that in the VA, CPRS has auditing capabilities where I can roll down to the ROI office and demand an audit of my health records and it will show me anyone who has accessed my files. I had to do this one time because we had a nosy co-worker who liked looking in co-workers' medical records.....
 
There is an audit trail with timestamps. I have no idea what the mechanism is to initiate an investigation but your local privacy/HIPAA person is where I'd start.

At a minimum, the NIST security controls applicable to ALL government information systems require audit logs. There's a whole family of them (AU).


I'm the program manager for a Navy IT project and the system audit logs are required to be retained for at least two years. This is for a system that contains no patient records or other protected PII. Audit logs for EMRs are probably retained forever.
 
Yeah, I'd be surprised if they actually couldn't check logs. But it is absolutely no surprise on any level whatsoever that they don't want to make the effort to do it for you.
 
Exactly. Talk to a JAG and see if they can figure out how to request it formally for you. It’s not going to happen at a low level. That said, why bother?
 
I got the deer in headlights look when I inquired with our HIPAA people and IT manager, probably b/c they don't want to help me.

Thank you for posting. I wonder if you'd consider a little experiment sometime: say you ask a half dozen of your people to log into a training record (in AHLTA/CHCS/Essentris, we have several training records "TEST, PATIENT DOB 1/1/01" etc etc). Then try to do an electronic audit of said record. Can you produce an actual electronic log, demonstrating who (and exactly when) someone viewed the record?
 
The system I manage is not part of any of the medical record systems we use.

I don't have that kind of access to any of the EMRs. I am 100% certain it is possible to produce such an audit. I am 95% certain the people with that access won't do it for random people like me just to prove it can be done. Again, if you think your record has been inappropriately accessed, call or email or walk to the hospital's privacy/HIPAA person and make a formal complaint. They can't ignore you. If they do, have a lawyer do it.
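
Added example, not part of any post in this thread and not code from AHLTA, CHCS, Essentris or CPRS: a sketch of the per-record access report the thread is asking about, run over a constructed audit log in which read-only VIEW events are timestamped alongside writes. The log format, field names, action names and user IDs are all assumptions made for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample audit log (not a real AHLTA, CHCS, Essentris or CPRS export).
# Columns: timestamp, user, workstation, patient_id, action
SAMPLE_LOG = """\
2024-03-04T08:12:45Z,dr_adams,WS-114,PT-TEST-0001,VIEW
2024-03-04T08:15:02Z,dr_adams,WS-114,PT-TEST-0001,ORDER
2024-03-04T13:40:19Z,nurse_lee,WS-207,PT-TEST-0001,VIEW
2024-03-05T02:03:51Z,tech_moss,WS-033,PT-TEST-0001,VIEW
2024-03-05T02:04:10Z,tech_moss,WS-033,PT-TEST-0002,VIEW
2024-03-05T09:30:00Z,nurse_lee,WS-207,PT-TEST-0001,NOTE
malformed line without enough fields
"""

WRITE_ACTIONS = {"ORDER", "NOTE"}  # assumed action names that change the record


def access_report(log_text, patient_id):
    """Return (events, view_only_users) for one patient.

    events: chronologically sorted (timestamp, user, workstation, action) tuples.
    view_only_users: users who opened the record but never wrote to it.
    """
    events, wrote, seen = [], set(), set()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip lines that do not parse rather than guess
        ts, user, ws, pid, action = (f.strip() for f in row)
        if pid != patient_id:
            continue
        try:
            when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        except ValueError:
            continue  # unparseable timestamp: leave it for manual review
        events.append((when, user, ws, action))
        seen.add(user)
        if action in WRITE_ACTIONS:
            wrote.add(user)
    events.sort(key=lambda e: e[0])
    return events, sorted(seen - wrote)


if __name__ == "__main__":
    events, view_only = access_report(SAMPLE_LOG, "PT-TEST-0001")
    for when, user, ws, action in events:
        print(when.isoformat(), user, ws, action)
    print("view-only users:", view_only)
```

The view-only list is the part that matters for the "just viewing" case raised above: a user who opened the record without ordering or charting anything still appears, with a timestamp and workstation.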
 